@ -1,6 +1,7 @@
#!/usr/bin/python
#!/usr/bin/python
# -*- coding: utf-8 -*-
# -*- coding: utf-8 -*-
# (c) 2014, Ahti Kitsik <ak@ahtik.com>
# (c) 2014, Jarno Keskikangas <jarno.keskikangas@gmail.com>
# (c) 2014, Jarno Keskikangas <jarno.keskikangas@gmail.com>
# (c) 2013, Aleksey Ovcharenko <aleksey.ovcharenko@gmail.com>
# (c) 2013, Aleksey Ovcharenko <aleksey.ovcharenko@gmail.com>
# (c) 2013, James Martin <jmartin@basho.com>
# (c) 2013, James Martin <jmartin@basho.com>
@ -27,7 +28,7 @@ short_description: Manage firewall with UFW
description:
description:
- Manage firewall with UFW.
- Manage firewall with UFW.
version_added: 1.6
version_added: 1.6
author: Aleksey Ovcharenko, Jarno Keskikangas
author: Aleksey Ovcharenko, Jarno Keskikangas, Ahti Kitsik
notes:
notes:
- See C(man ufw) for more examples.
- See C(man ufw) for more examples.
requirements:
requirements:
@ -65,12 +66,12 @@ options:
description:
description:
- Add firewall rule
- Add firewall rule
required: false
required: false
chois es: ['allow', 'deny', 'reject', 'limit']
choic es: ['allow', 'deny', 'reject', 'limit']
log:
log:
description:
description:
- Log new connections matched to this rule
- Log new connections matched to this rule
required: false
required: false
chois es: ['yes', 'no']
choic es: ['yes', 'no']
from_ip:
from_ip:
description:
description:
- Source IP address.
- Source IP address.
@ -111,7 +112,10 @@ options:
EXAMPLES = '''
EXAMPLES = '''
# Allow everything and enable UFW
# Allow everything and enable UFW
ufw: state=enable policy=allow logging=on
ufw: state=enabled policy=allow
# Set logging
ufw: logging=on
# Sometimes it is desirable to let the sender know when traffic is
# Sometimes it is desirable to let the sender know when traffic is
# being denied, rather than simply ignoring it. In these cases, use
# being denied, rather than simply ignoring it. In these cases, use
@ -163,8 +167,8 @@ def main():
argument_spec = dict(
argument_spec = dict(
state = dict(default=None, choices=['enabled', 'disabled', 'reloaded', 'reset']),
state = dict(default=None, choices=['enabled', 'disabled', 'reloaded', 'reset']),
default = dict(default=None, aliases=['policy'], choices=['allow', 'deny', 'reject']),
default = dict(default=None, aliases=['policy'], choices=['allow', 'deny', 'reject']),
logging = dict(default=None, chois es=['on', 'off', 'low', 'medium', 'high', 'full']),
logging = dict(default=None, choic es=['on', 'off', 'low', 'medium', 'high', 'full']),
direction = dict(default=None, chois es=['in', 'incoming', 'out', 'outgoing']),
direction = dict(default=None, choic es=['in', 'incoming', 'out', 'outgoing']),
delete = dict(default=False, type='bool'),
delete = dict(default=False, type='bool'),
insert = dict(default=None),
insert = dict(default=None),
rule = dict(default=None, choices=['allow', 'deny', 'reject', 'limit']),
rule = dict(default=None, choices=['allow', 'deny', 'reject', 'limit']),
@ -178,13 +182,14 @@ def main():
app = dict(default=None, aliases=['name'])
app = dict(default=None, aliases=['name'])
),
),
supports_check_mode = True,
supports_check_mode = True,
mutually_exclusive = [['app', 'proto']]
mutually_exclusive = [['app', 'proto', 'logging' ]]
)
)
cmds = []
cmds = []
def execute(cmd):
def execute(cmd):
cmd = ' '.join(map(itemgetter(-1), filter(itemgetter(0), cmd)))
cmd = ' '.join(map(itemgetter(-1), filter(itemgetter(0), cmd)))
cmds.append(cmd)
cmds.append(cmd)
(rc, out, err) = module.run_command(cmd)
(rc, out, err) = module.run_command(cmd)
@ -217,7 +222,7 @@ def main():
execute(cmd + [['-f'], [states[value]]])
execute(cmd + [['-f'], [states[value]]])
elif command == 'logging':
elif command == 'logging':
execute(cmd + [[command, value]])
execute(cmd + [[command] , [ value]])
elif command == 'default':
elif command == 'default':
execute(cmd + [[command], [value], [params['direction']]])
execute(cmd + [[command], [value], [params['direction']]])
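Review bot: The `execute` helper in the `-178` hunk has no comment explaining its entry convention, and the `logging` fix in the last hunk depends on that convention. Each entry is kept only when its first element is truthy, and only its last element reaches the command line, so the old `[[command, value]]` emitted `value` without the `logging` keyword. I would add above the `' '.join(...)` line a comment such as `# each entry is [gate, ..., token]: dropped if entry[0] is falsy, otherwise only entry[-1] is emitted`. The tokens are then joined with spaces into one string for `module.run_command`, and free-form options such as `insert` or `app` (no `choices` in `argument_spec`) are not quoted. A value containing whitespace would presumably be re-split into extra `ufw` arguments, which is worth stating in the same comment. `execute` continues past the end of that hunk, so anything it does after `run_command` is not visible here.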