Documentation
PLEASE NOTE: This document applies to v2.19 version and not to the latest stable release v2.20
Documentation for other releases can be found by using the version selector in the top right of any doc page.ufw
Manage Ubuntu Uncomplicated Firewall (UFW).
Attributes
check_mode:
support: full
Parameters
| Parameter | Required | Type | Values | Description |
|---|---|---|---|---|
| comment | string | Comment for the rule. | ||
| direction | string | in out |
The direction for the policy (incoming or outgoing). [default: "incoming"] |
|
| from_ip | string | Source IP address or CIDR. | ||
| policy | string | allow deny reject |
Set the default policy for incoming or outgoing traffic. | |
| port | string | Port number or service name. | ||
| proto | string | tcp udp |
Protocol (tcp or udp). | |
| rule | string | allow deny reject limit |
The rule action (allow, deny, reject, limit). | |
| rule_state | string | present absent |
Whether the rule should be present or absent. [default: "present"] |
|
| state | string | enabled disabled reset reloaded |
Whether the firewall should be enabled, disabled, reset, or reloaded. | |
| to_ip | string | Destination IP address or CIDR. |
Examples
- name: Enable UFW
ufw:
state: enabled
- name: Set default incoming policy to deny
ufw:
policy: deny
direction: in
- name: Allow SSH
ufw:
rule: allow
port: "22"
proto: tcp
- name: Allow HTTP
ufw:
rule: allow
port: "80"
proto: tcp
- name: Allow HTTPS
ufw:
rule: allow
port: "443"
proto: tcp
- name: Allow port from specific IP
ufw:
rule: allow
port: "3306"
proto: tcp
from_ip: "192.168.1.0/24"
- name: Deny port
ufw:
rule: deny
port: "23"
proto: tcp
- name: Allow service
ufw:
rule: allow
port: ssh
- name: Limit SSH connections
ufw:
rule: limit
port: "22"
proto: tcp
- name: Allow outgoing traffic to specific IP
ufw:
rule: allow
to_ip: "10.0.0.1"
direction: out
- name: Delete a rule
ufw:
rule: allow
port: "8080"
proto: tcp
state: absent
- name: Reload UFW
ufw:
state: reloaded
- name: Reset UFW to defaults
ufw:
state: reset