Commit d7c118bd authored by Mathieu Lutfy's avatar Mathieu Lutfy Committed by bgm
Browse files

ansible/ufw: update ufw with upstream

parent e2ed0f94
......@@ -2,3 +2,10 @@
# If your infrastructure is dual-stack ipv6/ipv4, make sure to include all IPs.
ufw_munin_allow_src:
- 127.0.0.1
fail2ban_ignoreip: 127.0.0.1/8
# It can be convenient to block on IPv4, but allow IPv6 (less noize from bots)
# or in some cases, we whitelist specific IPs
ufw_ipv4_allow_ssh: true
ufw_ipv6_allow_ssh: true
......@@ -19,6 +19,7 @@
- name: Allow ssh on IPv6 only
ufw: proto=tcp port=22 src="::/0" rule=allow
when: ufw_ipv6_allow_ssh == true
tags:
- ufw
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment