ufw-incoming-allowed
Example:
```yaml
# Allow access to udp port 514 from host 1.2.3.4 and include a comment
- ufw-incoming-allowed:
    protocol: udp
    from_ip: 1.2.3.4
    to_port: 514
    comment: allow syslog
```
Description
Configure ufw to allow incoming traffic that fits certain criteria.
This frecklet will also install 'ufw' if it is not already present, but it will not enable ufw if it is not already enabled. If you enable it yourself, make sure you have a rule in place that lets you back in!
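Resources
- ufw ubuntu community help: https://help.ubuntu.com/community/UFW
- 'ufw' ansible module: https://docs.ansible.com/ansible/latest/modules/ufw_module.html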
Variables
Name | Type | Default | Description |
---|---|---|---|
comment | string | -- | A comment to the rule. |
from_ip | string | any | The source of the traffic to allow. |
from_port | integer | -- | The source port of the traffic to allow. |
interface | string | -- | The name of the interface. |
protocol | string | any | The protocol. |
to_ip | string | any | Destination IP address. |
to_port | integer | -- | The destination port of the traffic to allow. |
Examples
Example 1
Allow access to udp port 514 from host 1.2.3.4 and include a comment
Code
```yaml
- ufw-incoming-allowed:
    protocol: udp
    from_ip: 1.2.3.4
    to_port: 514
    comment: allow syslog
```
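A further example, added here and not part of the original frecklet documentation: a frecklet list that puts the "rule to let you back in" from the description in place before ufw is enabled, alongside the syslog rule from Example 1. The subnet 192.0.2.0/24 (a documentation range standing in for a management network) and the interface name eth0 are assumptions; leaving `from_ip` at its default of `any` would open the port to every source.

```yaml
# Added example: constructed values, not taken from the frecklet documentation.
# 192.0.2.0/24 is a placeholder management subnet; eth0 is an assumed interface name.

# Keep SSH reachable from the management subnet before ufw is enabled.
- ufw-incoming-allowed:
    interface: eth0
    protocol: tcp
    from_ip: 192.0.2.0/24
    to_port: 22
    comment: allow ssh from management subnet

# Syslog from a single sending host, as in Example 1.
- ufw-incoming-allowed:
    protocol: udp
    from_ip: 1.2.3.4
    to_port: 514
    comment: allow syslog
```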
Code
```yaml
doc:
  short_help: ufw rule to allow incoming traffic
  help: |
    Configure ufw to allow incoming traffic that fits certain criteria.

    This frecklet will also install 'ufw' if it is not already present, but it won't enable it if it is not already. Make sure you have a rule to let you back in if you do that!
  references:
    ufw ubuntu community help: https://help.ubuntu.com/community/UFW
    "'ufw' ansible module": https://docs.ansible.com/ansible/latest/modules/ufw_module.html
  examples:
  - title: Allow access to udp port 514 from host 1.2.3.4 and include a comment
    vars:
      protocol: udp
      from_ip: 1.2.3.4
      to_port: 514
      comment: allow syslog
args:
  interface:
    doc:
      short_help: The name of the interface.
    type: string
    required: false
  protocol:
    doc:
      short_help: The protocol.
    type: string
    allowed:
    - any
    - tcp
    - udp
    - ipv6
    - esp
    - ah
    default: any
    required: false
  from_ip:
    doc:
      short_help: The source of the traffic to allow.
    type: string
    required: false
    default: any
  from_port:
    doc:
      short_help: The source port of the traffic to allow.
    type: integer
    required: false
  to_ip:
    doc:
      short_help: Destination IP address.
    type: string
    required: false
    default: any
  to_port:
    doc:
      short_help: The destination port of the traffic to allow.
    type: integer
    required: false
  comment:
    doc:
      short_help: A comment to the rule.
    type: string
    required: false
frecklets:
- ufw-installed
- frecklet:
    name: ufw
    type: ansible-module
    properties:
      elevated: true
      idempotent: true
      internet: false
    desc:
      short: configure ufw to allow certain incoming traffic
      long: |
        Add a rule to ufw that allows certain incoming traffic to {%:: if interface ::%}interface {{:: interface ::}}{%:: else ::%}all interfaces{%:: endif ::%}.

        The incoming traffic must match: {%:: if protocol ::%}protocol: {{:: protocol ::}} {%:: endif ::%}{%:: if from_ip ::%}from_ip: {{:: from_ip ::}} {%:: endif ::%}{%:: if to_ip ::%}to_ip: {{:: to_ip ::}} {%:: endif ::%}{%:: if from_port ::%}from_port: {{:: from_port ::}} {%:: endif ::%}{%:: if to_port ::%}to_port: {{:: to_port ::}} {%:: endif ::%}{%:: if comment ::%}comment: {{:: comment ::}} {%:: endif ::%}
  task:
    become: true
  vars:
    rule: allow
    interface: '{{:: interface ::}}'
    direction: in
    proto: '{{:: protocol ::}}'
    from_ip: '{{:: from_ip ::}}'
    from_port: '{{:: from_port ::}}'
    to_ip: '{{:: to_ip ::}}'
    to_port: '{{:: to_port ::}}'
    comment: '{{:: comment ::}}'
```
```
frecklecute ufw-incoming-allowed --help

Usage: frecklecute ufw-incoming-allowed [OPTIONS]

  Configure ufw to allow incoming traffic that fits certain criteria.

  This frecklet will also install 'ufw' if it is not already present, but it
  won't enable it if it is not already. Make sure you have a rule to let you
  back in if you do that!

Options:
  --comment COMMENT      A comment to the rule.
  --from-ip FROM_IP      The source of the traffic to allow.
  --from-port FROM_PORT  The source port of the traffic to allow.
  --interface INTERFACE  The name of the interface.
  --protocol PROTOCOL    The protocol.
  --to-ip TO_IP          Destination IP address.
  --to-port TO_PORT      The destination port of the traffic to allow.
  --help                 Show this message and exit.
```
```python
# -*- coding: utf-8 -*-

#
# module path: pycklets.ufw_incoming_allowed.UfwIncomingAllowed
#

from dataclasses import dataclass
from pyckles import AutoPycklet
from typing import *    # noqa


@dataclass
class UfwIncomingAllowed(AutoPycklet):
    """Configure ufw to allow incoming traffic that fits certain criteria.

    This frecklet will also install 'ufw' if it is not already present, but it won't enable it if it is not already. Make sure you have a rule to let you back in if you do that!

    Args:
      comment: A comment to the rule.
      from_ip: The source of the traffic to allow.
      from_port: The source port of the traffic to allow.
      interface: The name of the interface.
      protocol: The protocol.
      to_ip: Destination IP address.
      to_port: The destination port of the traffic to allow.

    """

    FRECKLET_ID = "ufw-incoming-allowed"

    comment: str = None
    from_ip: str = None
    from_port: int = None
    interface: str = None
    protocol: str = None
    to_ip: str = None
    to_port: int = None

    def __post_init__(self):
        super(UfwIncomingAllowed, self).__init__(var_names=["comment", "from_ip", "from_port", "interface", "protocol", "to_ip", "to_port"])


frecklet_class = UfwIncomingAllowed
```
```python
# -*- coding: utf-8 -*-

#
# module path: pycklets.ufw_incoming_allowed.UfwIncomingAllowed
#

from pyckles import AutoPycklet


class UfwIncomingAllowed(AutoPycklet):
    """Configure ufw to allow incoming traffic that fits certain criteria.

    This frecklet will also install 'ufw' if it is not already present, but it won't enable it if it is not already. Make sure you have a rule to let you back in if you do that!

    Args:
      comment: A comment to the rule.
      from_ip: The source of the traffic to allow.
      from_port: The source port of the traffic to allow.
      interface: The name of the interface.
      protocol: The protocol.
      to_ip: Destination IP address.
      to_port: The destination port of the traffic to allow.

    """

    FRECKLET_ID = "ufw-incoming-allowed"

    def __init__(self, comment=None, from_ip="any", from_port=None, interface=None, protocol="any", to_ip="any", to_port=None):

        super(UfwIncomingAllowed, self).__init__(var_names=["comment", "from_ip", "from_port", "interface", "protocol", "to_ip", "to_port"])
        self._comment = comment
        self._from_ip = from_ip
        self._from_port = from_port
        self._interface = interface
        self._protocol = protocol
        self._to_ip = to_ip
        self._to_port = to_port

    @property
    def comment(self):
        return self._comment

    @comment.setter
    def comment(self, comment):
        self._comment = comment

    @property
    def from_ip(self):
        return self._from_ip

    @from_ip.setter
    def from_ip(self, from_ip):
        self._from_ip = from_ip

    @property
    def from_port(self):
        return self._from_port

    @from_port.setter
    def from_port(self, from_port):
        self._from_port = from_port

    @property
    def interface(self):
        return self._interface

    @interface.setter
    def interface(self, interface):
        self._interface = interface

    @property
    def protocol(self):
        return self._protocol

    @protocol.setter
    def protocol(self, protocol):
        self._protocol = protocol

    @property
    def to_ip(self):
        return self._to_ip

    @to_ip.setter
    def to_ip(self, to_ip):
        self._to_ip = to_ip

    @property
    def to_port(self):
        return self._to_port

    @to_port.setter
    def to_port(self, to_port):
        self._to_port = to_port


frecklet_class = UfwIncomingAllowed
```