Open Firewall Ports (incoming) #67

Closed
makefu opened this issue Nov 14, 2022 · 3 comments
makefu commented Nov 14, 2022

  • Feature [x]

Summary of Request
Right now the ansible scripts allow opening outgoing firewall ports; however, most of the time the configuration of incoming ports is more relevant. For this, the ansible role could have a variable ubtu20cis_ufw_allow_in_ports which is used to programmatically configure incoming ports in a similar fashion.

Describe alternatives you've considered
To implement this feature, we currently perform firewall opening as extra steps after the ansible-lockdown role is run.

Suggested Code

- name: "add incoming ports"
  ufw:
    rule: allow
    direction: in
    to_port: '{{ item }}'
  with_items:
    - "{{ ubtu20cis_ufw_allow_in_ports }}"
  notify: reload ufw
@makefu makefu added the enhancement New feature or request label Nov 14, 2022
@uk-bolly uk-bolly self-assigned this Feb 21, 2023
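
Added example, not part of the issue and not the role's own code (the merged implementation differs from the suggestion): a standalone play that validates the list in ubtu20cis_ufw_allow_in_ports before opening anything, so a typo or a stray range cannot widen the firewall. The sample ports, the `hosts` value, the `proto: tcp` restriction and the rule comment are assumptions; the handler is defined here so the play runs on its own.

```yaml
# Added example; not the ansible-lockdown role's code.
- name: Open validated incoming ports with ufw
  hosts: all            # assumption: narrow this to the intended inventory group
  become: true
  vars:
    # Variable name from the issue; the values are constructed samples.
    ubtu20cis_ufw_allow_in_ports: [22, 443]
  tasks:
    - name: Reject anything that is not a single port number in 1-65535
      ansible.builtin.assert:
        that:
          - ubtu20cis_ufw_allow_in_ports is sequence
          - ubtu20cis_ufw_allow_in_ports is not string
          # Non-numeric entries (including ranges such as "8000:8010") become 0 and fail.
          - ubtu20cis_ufw_allow_in_ports | map('int') | select('lt', 1) | list | length == 0
          - ubtu20cis_ufw_allow_in_ports | map('int') | select('gt', 65535) | list | length == 0
        fail_msg: "ubtu20cis_ufw_allow_in_ports must be a list of port numbers (1-65535)"

    - name: Allow each incoming port
      community.general.ufw:
        rule: allow
        direction: in
        to_port: "{{ item }}"
        proto: tcp          # assumption: TCP services only; drop or change if UDP is needed
        comment: "managed by ansible"
      loop: "{{ ubtu20cis_ufw_allow_in_ports }}"   # an empty list opens nothing
      notify: reload ufw

  handlers:
    - name: reload ufw
      community.general.ufw:
        state: reloaded
```
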
@uk-bolly
Member

hi @makefu

Thank you for raising the enhancement to the ubunt20cis role. Apologies for the time it has taken to address this.
I will be adding this enhancement to the Feb23_updates branch over the next couple of days.
I have changed it slightly but you will find it listed in the defaults/main with the ufw options.

If you could please let us know how you get on.

Many thanks in advance

uk-bolly

uk-bolly added a commit that referenced this issue Feb 22, 2023
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
@uk-bolly uk-bolly mentioned this issue Feb 23, 2023
@uk-bolly
Member

uk-bolly commented Mar 3, 2023

hi @makefu

Thank you again for raising this issue and great enhancement. This has now been merged into the devel branch. Aiming to put this into main if all is well in the next couple of weeks.

many thanks again

uk-bolly

@MrSteve81
Contributor

This was added to PR #74 that addressed a lot of fixes. This has been merged to main. Thanks @makefu for the find.
