Open firewall ports in Debian like systems — Ansible module ufw
How to open firewall HTTP and HTTPS ports in Debian-like systems using Ansible and ufw, the Uncomplicated Firewall. I’m going to show you a live demo and some simple Ansible code: Debian, Ubuntu, Linux Mint, MX Linux, Deepin, AntiX, PureOS, Kali Linux, Parrot OS, Devuan, Knoppix, AV Linux Linux
How to open firewall ports in Debian-like systems with Ansible? I’m going to show you a live demo and some simple Ansible code. I’m Luca Berton and welcome to today’s episode of Ansible Pilot.
Ansible open firewall ports in Debian-like systems
Today we’re talking about the Ansible module UFW.
The full name is community.general.ufw, which means that is part of the collection supported by the Ansible community. This module requires Ansible 2.9+.
It works in Debian-like systems so distributions like Debian, Ubuntu, and Mint with ufw firewall, the Uncomplicated Firewall.
This module manages the firewall with UFW.
Parameters
The parameter list is pretty wide but this are the most important options for our use case to open firewall ports. The first set of parameters controls UFW program and the second the single rules.
UFW program parameters
- default string (policy) - allow / deny / reject
- logging string - on / off / low / medium / high /full
- state string - enabled / present / absent / disabled
Let’s start with three UFW program parameters. The “default” parameter, also called as “policy”, change the default policy for incoming or outgoing traffic. The “logging” parameter toggles UFW logging. Logged packets use the LOG_KERN syslog facility. The “state” parameter specify to enable or disable firewall. Four options are possible:
- “enabled” reloads firewall and enables firewall on boot,
- “disabled” unloads firewall and disables firewall on boot,
- “reloaded” reloads firewall,
- “reset” disables and resets firewall to installation defaults.
rule-specific parameters
- rule string - allow / deny / limit / reject
- name string (app) -
/etc/ufw/applications.d - port string (to_port) - destination port
- proto string - any / tcp / udp / ipv6 / esp / ah/ gre /igmp
Now let’s move to four rule-specific parameters. The “rule” parameter adds a firewall rule with four options available: “allow” / “deny” / “limit” / “reject”.
The “name” parameter, also called “app”, uses a profile located in /etc/ufw/applications.d.
The “to_port” parameter, also called “port”, specifies the destination port. It could be a single port or a range for example (60000:61000).
The “proto” parameter specifies the destination protocol.
The Best Resources For Ansible
Certifications
The Linux Foundation Linux Performance Tuning - Build a broad toolkit to optimize Linux performance from the kernel up
Coursera Pro - Unlimited access to 7,000+ world-class courses, hands-on projects, and job-ready certificate programs—all included in your subscription
Video Course
Printed Book
Ansible For VMware by Examples
Ansible for Kubernetes by Example
Hands-on Ansible Automation
Red Hat Ansible Automation Platform
eBooks
Ansible by Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps
Ansible Cookbook: A Comprehensive Guide to Unleashing the Power of Ansible via Best Practices, Troubleshooting, and Linting Rules with Luca Berton
Terraform By Example: A Practical Approach for Beginners to Learn Cloud Infrastructure with Terraform
Ansible For Windows By Examples: 50+ Automation Examples For Windows System Administrator And DevOps
Ansible For Linux by Examples: 100+ Automation Examples For Linux System Administrator and DevOps
Ansible Linux Filesystem By Examples: 40+ Automation Examples on Linux File and Directory Operation for Modern IT Infrastructure
Ansible For Security by Examples: 100+ Automation Examples to Automate Security and Verify Compliance for IT Modern Infrastructure
Ansible Tips and Tricks: 10+ Ansible Examples to Save Time and Automate More Tasks
Ansible Linux Users & Groups By Examples: 20+ Automation Examples on Linux Users and Groups Operation for Modern IT Infrastructure
Ansible For PostgreSQL by Examples: 10+ Examples To Automate Your PostgreSQL database
Ansible For Amazon Web Services AWS By Examples: 10+ Examples To Automate Your AWS Modern Infrastructure
Ansible Automation Platform By Example: A step-by-step guide for the most common user scenarios
demo
Let’s jump in a real-life demo about how to open firewall ports in Debian-like systems with Ansible Playbook.
- verify-firewall.sh
# apt list nginx
# sudo ufw status
# sudo ufw status verbose
- ufw.yml
---
- name: ufw module demo
hosts: all
become: true
tasks:
- name: nginx installed
ansible.builtin.apt:
name: "nginx"
state: "present"
update_cache: true
- name: ufw enabled
community.general.ufw:
state: "enabled"
policy: "deny"
logging: "on"
- name: ufw rules
community.general.ufw:
rule: "allow"
port: "{{ item }}"
proto: "tcp"
with_items:
- "22"
- "80"
- "443"
Recap
Now you know how to open firewall ports in Debian-like systems with Ansible using UFW, the uncomplicated Firewall. Subscribe to the YouTube channel, Medium, and Website, X (formerly Twitter) to not miss the next episode of the Ansible Pilot.
Academy
Learn the Ansible automation technology with some real-life examples in my
My book Ansible By Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps
Donate
Want to keep this project going? Please donate
