
Download, install and configure UFW rules using Ansible 🅰

Quick role to configure UFW on your machines to allow local IPs and Tailscale traffic in.


Source Code

You can find the source code to follow this guide on my GitHub.

UFW Configuration Role for Ansible  ⚙ 🅰

This Ansible role configures UFW with basic security rules  📖 :

defaults/main.yaml
---
ssh_port: 22
allow_ssh: true
local_subnet: "192.168.178.0/24"
  • Allows SSH if allow_ssh: true
  • Allows all outgoing traffic
  • Blocks all incoming traffic by default
  • Allows internal LAN access (local_subnet)
  • Allows all Tailscale traffic (100.64.0.0/10)
  • Enables UFW
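
A sketch of a tasks file that would produce the rules listed above. This is an added example, not the role's actual code: the path tasks/main.yaml, the task names and the use of the community.general.ufw module (which requires the community.general collection) are assumptions. The allow rules are applied before the deny policy and the enable step, so a run driven over SSH does not cut off its own connection.

```yaml
---
# tasks/main.yaml (assumed path; illustrative sketch, not the role's own file)
# Uses ssh_port, allow_ssh and local_subnet from defaults/main.yaml.

- name: Install UFW
  ansible.builtin.package:
    name: ufw
    state: present

# Allow rules come first: if UFW is already active, or becomes active below,
# the management connection must already be permitted.
- name: Allow SSH when requested
  community.general.ufw:
    rule: allow
    port: "{{ ssh_port | string }}"
    proto: tcp
    comment: "SSH"
  when: allow_ssh | bool

- name: Allow traffic from the local LAN
  community.general.ufw:
    rule: allow
    src: "{{ local_subnet }}"
    comment: "Local subnet"

- name: Allow traffic from the Tailscale address range
  community.general.ufw:
    rule: allow
    src: "100.64.0.0/10"
    comment: "Tailscale"

- name: Allow all outgoing traffic by default
  community.general.ufw:
    direction: outgoing
    default: allow

- name: Block all incoming traffic by default
  community.general.ufw:
    direction: incoming
    default: deny

# Enabling is the last step, after every allow rule is in place.
- name: Enable UFW
  community.general.ufw:
    state: enabled
```

With allow_ssh set to false, the host stays reachable for Ansible only from local_subnet or over Tailscale, so check the inventory addresses before running it that way.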

Variables  💱 :

Customize in vars/main.yaml:

vars/main.yaml
---
ssh_port: 22
allow_ssh: true  # Set to false if SSH is not needed
local_subnet: "192.168.1.0/24"  # Adjust to match your home network
  • ssh_port: SSH port (default: 22)
  • allow_ssh: Whether to allow SSH (default: true)
  • local_subnet: Your LAN subnet (default: "192.168.1.0/24")

Create the playbook  📝

Write a simple playbook that calls the role:

ufw-setup.yaml
- hosts: all
  become: true
  roles:
    - ufw-config

Run the playbook  🏃

Run:
ansible-playbook -i inventory ufw-setup.yaml

UFW will now be properly configured across all your VMs, LXCs, and containers!  🎉