Migrated from github.com/shafiqalibhai/ansible-role-firewall https://galaxy.ansible.com/list#/roles/451
  • Jinja 85.8%
  • Dockerfile 14.2%
2026-04-27 22:57:36 +00:00
defaults Fixes #8: Add option to disable dropped packet logging. 2015-05-18 12:57:36 -05:00
handlers Initial commit. 2014-03-03 22:18:58 -06:00
meta Updated metadata and docs. 2014-03-26 23:37:07 -05:00
tasks Make sure iptables is installed for firewall to work. 2014-03-26 23:33:43 -05:00
templates Fixes #8: Add option to disable dropped packet logging. 2015-05-18 12:57:36 -05:00
tests Add Travis CI test integration. 2014-05-08 22:42:24 -05:00
.travis.yml Update test. 2014-11-08 14:34:40 -06:00
Dockerfile Add Dockerfile: ansible runner with role pre-installed 2026-04-27 22:57:36 +00:00
README.md Update README with comprehensive project information 2026-04-27 20:32:49 +00:00

ansible-role-firewall

Overview

Installs a simple iptables-based firewall for RHEL/CentOS or Debian/Ubuntu systems.

Detected project type: Ansible role.

This repository was migrated from upstream source github.com/shafiqalibhai/ansible-role-firewall and is preserved here for archival, reference, or continued local development.

At a glance

  • Default branch: master
  • Visibility: public
  • Size: 42 KB
  • Created: 2026-04-27
  • Last updated: 2026-04-27
  • Stars / Forks / Open issues: 0 / 0 / 0

Languages

Language Bytes Share
Jinja 3,344 bytes 100.0%

Repository structure

  • defaults/
  • handlers/
  • meta/
  • tasks/
  • templates/
  • tests/
  • .travis.yml (1,048 B)
  • README.md (2,139 B)

Getting started

Clone the repository:

git clone https://forgejo.deployview.com/ssa/ansible-role-firewall.git
cd ansible-role-firewall

Installation

ansible-galaxy install -r requirements.yml
ansible-playbook playbook.yml

Usage

Include this role/collection in a playbook and run with ansible-playbook. See defaults/main.yml (if present) for configurable variables.

Original README

The content below is preserved from the previous README. Headings have been demoted so they don't compete with the new top-level sections.

Ansible Role: Firewall (iptables)

Installs a simple iptables-based firewall for RHEL/CentOS or Debian/Ubuntu systems.

This firewall aims for simplicity over complexity, and only opens a few specific ports for incoming traffic (configurable through Ansible variables). If you have a rudimentary knowledge of iptables and/or firewalls in general, this role should be a good starting point for a secure system firewall.

After the role is run, a firewall init service will be available on the server. You can use service firewall [start|stop|restart|status] to control the firewall.

Requirements

None.

Role Variables

Available variables are listed below, along with default values (see vars/main.yml):

firewall_allowed_tcp_ports:
  - "22"
  - "80"
  ...
firewall_allowed_udp_ports: []

A list of TCP or UDP ports (respectively) to open to incoming traffic.

firewall_forwarded_tcp_ports:
  - { src: "22", dest: "2222" }
  - { src: "80", dest: "8080" }
firewall_forwarded_udp_ports: []

Forward src port to dest port, either TCP or UDP (respectively).

firewall_additional_rules: []

Any additional (custom) rules to be added to the firewall (in the same format you would add them via command line, e.g. iptables [rule]).

firewall_log_dropped_packets: true

Whether to log dropped packets to syslog (messages will be prefixed with "Dropped by firewall: ").
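
Added example (not part of the role or the original README): a Python sketch that triages the dropped-packet messages this setting produces, counting drops per source address and per targeted protocol/port. It assumes the traditional syslog line layout and the standard iptables LOG `KEY=value` fields; the sample lines are constructed.

```python
import re
from collections import Counter

PREFIX = "Dropped by firewall: "  # log prefix documented by the role

# Assumption: traditional syslog layout "Mon DD HH:MM:SS host kernel: ...".
# Only kernel-tagged lines count, so other daemons' messages are ignored.
LINE_RE = re.compile(
    r"^\w{3}\s+\d+ [\d:]+ \S+ kernel: (?:\[[^\]]*\] )?" + re.escape(PREFIX) + r"(.*)$"
)
FIELD_RE = re.compile(r"(\w+)=(\S*)")

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
May 18 12:57:01 web1 kernel: [ 101.5] Dropped by firewall: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=4321 DF PROTO=TCP SPT=51514 DPT=23 WINDOW=29200 SYN URGP=0
May 18 12:57:02 web1 kernel: [ 102.1] Dropped by firewall: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=4322 DF PROTO=TCP SPT=51515 DPT=3306 WINDOW=29200 SYN URGP=0
May 18 12:57:03 web1 kernel: [ 103.8] Dropped by firewall: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=71 TTL=49 ID=77 PROTO=UDP SPT=40000 DPT=161 LEN=51
May 18 12:57:04 web1 kernel: [ 104.2] Dropped by firewall: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=84 TTL=52 ID=9 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
May 18 12:57:05 web1 sshd[991]: Accepted publickey for deploy from 198.51.100.4 port 50022 ssh2
"""


def parse_drop(line):
    """Return the KEY=value fields of one dropped-packet line, or None."""
    match = LINE_RE.match(line)
    if match is None:
        return None
    # Bare flags such as DF or SYN carry no "=" and are skipped.
    return dict(FIELD_RE.findall(match.group(1)))


def summarize(log_text):
    """Count drops per source address and per (protocol, destination port)."""
    by_source, by_target = Counter(), Counter()
    for line in log_text.splitlines():
        fields = parse_drop(line)
        if fields is None or "SRC" not in fields:
            continue
        by_source[fields["SRC"]] += 1
        # ICMP and other port-less protocols have no DPT field.
        by_target[(fields.get("PROTO", "?"), fields.get("DPT", "-"))] += 1
    return by_source, by_target


if __name__ == "__main__":
    sources, targets = summarize(SAMPLE_LOG)
    for src, count in sources.most_common():
        print(f"{count:4d} drops from {src}")
    for (proto, port), count in targets.most_common():
        print(f"{count:4d} drops to {proto}/{port}")
```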

Dependencies

None.

Example Playbook

- hosts: server
  vars_files:
    - vars/main.yml
  roles:
    - { role: geerlingguy.firewall }

Inside vars/main.yml:

firewall_allowed_tcp_ports:
  - "22"
  - "25"
  - "80"

TODO

  • Make outgoing ports more configurable.
  • Make other firewall features (like logging) configurable.

License

MIT / BSD

Author Information

This role was created in 2014 by Jeff Geerling, author of Ansible for DevOps.

Contributing

Contributions are welcome. The typical workflow is:

  1. Open an issue describing the change you'd like to make.
  2. Fork the repository (or create a feature branch if you have write access).
  3. Commit your changes with clear, descriptive messages.
  4. Open a pull request against the master branch.

Please follow the existing code style and include tests or reproduction steps where relevant.

License

No LICENSE file is currently present in this repository. Treat the contents as all rights reserved by the author until an explicit license is added. If you intend to share or accept contributions, consider adding an OSI-approved license such as MIT, Apache-2.0, or GPL-3.0.

Repository

  • Browse: https://forgejo.deployview.com/ssa/ansible-role-firewall
  • Clone (HTTPS): https://forgejo.deployview.com/ssa/ansible-role-firewall.git
  • Clone (SSH): ssh://git@forgejo.deployview.com:30143/ssa/ansible-role-firewall.git
  • Upstream / origin: github.com/shafiqalibhai/ansible-role-firewall

This README was generated automatically based on repository metadata, contents, and any prior README content. Edit any section above to add project-specific detail.