How to ensure that removed allowed ports will be removed using Ansible's UFW module?
Problem
The UFW module documentation has been read, but it is unclear how to let Ansible remove ports that are not defined anymore.
It works to add new ports, but now 5 ports have been removed and I do not want to log in to each of the more than 50 servers.
It is possible to write some custom exec, but I would like to use the functionality of Ansible's UFW module. Does it support such a scenario?
Solution
Based on:

    # Allow OpenSSH. (Note that as ufw manages its own state, simply removing
    # a rule=allow task can leave those ports exposed. Either use delete=yes
    # or a separate state=reset task)

The following snippet was added to the top of the file:

    ---
    - name: Reset UFW
      ufw:
        state: reset

Once Ansible was run:

    TASK [rolename : Reset UFW]

the undefined ports were removed.
Context
StackExchange DevOps Q#1272, answer score: 4
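An added example, not part of the original answer: a playbook that covers both options named in the quoted module comment, `delete` for targeted removal and `state: reset` for a full rebuild. The variable names `ufw_full_reset`, `ufw_allowed_ports` and `ufw_removed_ports` and their values are constructed for illustration, and the module is written with its fully qualified name `community.general.ufw` instead of the short `ufw` used above.

```yaml
---
- name: Keep UFW rules in step with the defined port list
  hosts: all
  become: true
  vars:
    # Constructed sample values; all three variable names are hypothetical.
    ufw_full_reset: false            # true = wipe every rule, then rebuild
    ufw_allowed_ports:               # ports that must stay open
      - { port: 22, proto: tcp }
      - { port: 443, proto: tcp }
    ufw_removed_ports:               # ports that were open and must be closed
      - { port: 8080, proto: tcp }
  tasks:
    # Option 1: full rebuild. reset disables ufw and drops all rules,
    # so the allow and enable tasks below must run in the same play.
    - name: Reset UFW
      community.general.ufw:
        state: reset
      when: ufw_full_reset | bool

    # Option 2: targeted removal. delete removes only the matching rule
    # and leaves the firewall enabled throughout.
    - name: Delete allow rules for ports that are no longer defined
      community.general.ufw:
        rule: allow
        port: "{{ item.port | string }}"
        proto: "{{ item.proto | default('tcp') }}"
        delete: true
      loop: "{{ ufw_removed_ports }}"
      when: not (ufw_full_reset | bool)

    - name: Allow the ports that are still defined
      community.general.ufw:
        rule: allow
        port: "{{ item.port | string }}"
        proto: "{{ item.proto | default('tcp') }}"
      loop: "{{ ufw_allowed_ports }}"

    # Re-enable after a reset and make default-deny explicit for inbound.
    - name: Enable UFW with incoming traffic denied by default
      community.general.ufw:
        state: enabled
        policy: deny
        direction: incoming
```

With `ufw_full_reset: true` the host has no active firewall between the reset task and the enable task, so keeping the SSH port in `ufw_allowed_ports` and running the whole play in one pass matters.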