How to open firewall ports in Debian-like systems with Ansible? I'm going to show you a live Playbook and some simple Ansible code. I'm Luca Berton and welcome to today's episode of Ansible Pilot. Ansible open firewall ports in Debian-like systems Today we're talking about the Ansible module UFW. The full name is `community.general.ufw`, which means that is part of the collection supported by the Ansible community. This module requires Ansible 2.9+. It works in Debian-like systems so distributions like Debian, Ubuntu, and Mint with `ufw` firewall, the Uncomplicated Firewall. This module manages the firewall with UFW. Parameters The parameter list is pretty wide but these are the most important options for our use case to open firewall ports. The first set of parameters controls UFW program and the second the single rules. UFW program parameters | Parameter | Type | Options | Description | |-----------|------|---------|-------------| | `default` (policy) | string | allow / deny / reject | Change default policy for incoming or outgoing traffic | | `logging` | string | on / off / low / medium / high / full | Toggle UFW logging (uses LOG_KERN syslog) | | `state` | string | enabled / disabled / reloaded / reset | Enable, disable, reload, or reset firewall | | `direction` | string | in / incoming / out / outgoing / routed | Direction for the default policy | The "state" parameter options: - `enabled` - reloads firewall and enables firewall on boot - `disabled` - unloads firewall and disables firewall on boot - `reloaded` - reloads firewall - `reset` - disables and resets firewall to installation defaults Rule-specific parameters | Parameter | Type | Options | Description | |-----------|------|---------|-------------| | `rule` | string | allow / deny / limit / reject | Firewall rule action | | `name` (app) | string | Application name | Uses profile in `/etc/ufw/applications.d` | | `port` (to_port) | string | Port number or range | Destination port (e.g., `80` or `60000:61000`) | | `proto` | string | any / tcp / udp / ipv6 / esp / ah / gre / igmp | Protocol | | `from_ip` | string | IP address or CIDR | Source address (default: `any`) | | `to_ip` | string | IP address or CIDR | Destination address (default: `any`) | | `interface` | string | Interface name | Network interface for the rule | | `direction` | string | in / out | Direction for interface rules | | `route` | boolean | true / false | Apply rule to routed/forwarded packets | | `comment` | string | Text | Add comment to the rule | | `insert` | integer | Rule number | Insert rule at position instead of appending | | `insert_relative_to` | string | zero / first-ipv4 / last-ipv4 / first-ipv6 / last-ipv6 | Relative position for insert | | `delete` | boolean | true / false | Delete matching rule | | `log` | boolean | true / false | Log matched packets | Basic Playbook: Open Firewall Ports ```yaml --- - name: ufw module Playbook hosts: all become: true tasks: - name: nginx installed