Documentation

latest
latest v2.20 v2.19 v2.18 v2.17 v2.16 v2.15 v2.14 v2.12 v2.11 v2.10 v2.9 v2.8 v2.7 v2.6 v2.5 v2.4 v2.3 v2.2 v2.1 v2.0 v1.10 v1.9 v1.8 v1.7 v1.6 v1.5 v1.4 v1.3 v1.2 v1.1 v1.0
      Edit on GitHub

      PLEASE NOTE: This document applies to latest version and not to the latest stable release v2.20

      Documentation for other releases can be found by using the version selector in the top right of any doc page.

      ufw

      Manage Ubuntu Uncomplicated Firewall (UFW).

      Attributes

      check_mode:
  support: full

      Parameters

      Parameter Required Type Values Description
      comment   string   Comment for the rule.
      direction   string in
      out      		 The direction for the policy (incoming or outgoing). [default: "incoming"]
      from_ip   string   Source IP address or CIDR.
      interface   string   Network interface for the rule.
      logging   string off
      on
      low
      medium
      high
      full      		 Logging level: off, on, low, medium, high, full.
      name   string   Service name to allow/deny (e.g., ssh, http).
      policy   string allow
      deny
      reject      		 Set the default policy for incoming or outgoing traffic.
      port   string   Port number or service name.
      proto   string tcp
      udp      		 Protocol (tcp or udp).
      route   boolean   Route traffic through the firewall. [default: false]
      rule   string allow
      deny
      reject
      limit      		 The rule action (allow, deny, reject, limit).
      rule_state   string present
      absent      		 Whether the rule should be present or absent. [default: "present"]
      state   string enabled
      disabled
      reset
      reloaded      		 Whether the firewall should be enabled, disabled, reset, or reloaded.
      to_ip   string   Destination IP address or CIDR.

      Examples

      - name: Enable UFW
  ufw:
    state: enabled

- name: Set default incoming policy to deny
  ufw:
    policy: deny
    direction: in

- name: Allow SSH
  ufw:
    rule: allow
    port: "22"
    proto: tcp

- name: Allow HTTP
  ufw:
    rule: allow
    port: "80"
    proto: tcp

- name: Allow HTTPS
  ufw:
    rule: allow
    port: "443"
    proto: tcp

- name: Allow port from specific IP
  ufw:
    rule: allow
    port: "3306"
    proto: tcp
    from_ip: "192.168.1.0/24"

- name: Deny port
  ufw:
    rule: deny
    port: "23"
    proto: tcp

- name: Allow service
  ufw:
    rule: allow
    port: ssh

- name: Limit SSH connections
  ufw:
    rule: limit
    port: "22"
    proto: tcp

- name: Allow outgoing traffic to specific IP
  ufw:
    rule: allow
    to_ip: "10.0.0.1"
    direction: out

- name: Delete a rule
  ufw:
    rule: allow
    port: "8080"
    proto: tcp
    state: absent

- name: Reload UFW
  ufw:
    state: reloaded

- name: Reset UFW to defaults
  ufw:
    state: reset

- name: Allow traffic on an interface
  ufw:
    rule: allow
    port: "53"
    proto: udp
    interface: eth0

- name: Enable logging
  ufw:
    logging: on