robertdebock / ansible-role-firewall

Manage firewall ports on all (known) Linux operating systems.
https://robertdebock.nl/
Apache License 2.0

Add option to allow from specific source #5

Open rohankrishnadev opened 4 years ago

rohankrishnadev commented 4 years ago

Proposed feature

Add option for users to be able to configure source IP for a particular rule.

Rationale

As of now, the firewall rules allow access from 0.0.0.0/0, but it would be useful to restrict the source to certain IPs. For example, when I run a web server, I'd like to allow access only from Cloudflare IPs.

Additional context

If source IP isn't specified, then 0.0.0.0 can be used as default. Both firewall-cmd and ufw are able to support this.


dgibbs64 commented 2 years ago

ufw example here

- name: Allow all access from RFC1918 networks to this host
  community.general.ufw:
    rule: allow
    src: '{{ item }}'
  loop:
    - 10.0.0.0/8
    - 172.16.0.0/12
    - 192.168.0.0/16
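
The requested behaviour (a per-rule source, falling back to any source when none is given) sketched for both ufw and firewalld. This is an added example, not code from ansible-role-firewall or from either commenter; the `fw_rules` variable and its `port`, `proto` and `sources` keys are hypothetical, the CIDRs are constructed documentation ranges, and the mapping of OS family to firewall backend is an assumption.

```yaml
# Added example, not the role's own code. `fw_rules` and its keys are
# hypothetical; the CIDRs are constructed (RFC 5737 documentation ranges).
- name: Open ports, optionally restricted to source networks
  hosts: all
  become: true
  vars:
    fw_rules:
      - {port: 443, proto: tcp, sources: [203.0.113.0/24, 198.51.100.0/24]}
      - {port: 80, proto: tcp}   # no sources: open to any address
    # (rule, source) pairs for rules that list sources
    restricted: "{{ fw_rules | subelements('sources', skip_missing=True) }}"
    # rules without a sources key
    unrestricted: "{{ fw_rules | selectattr('sources', 'undefined') | list }}"
  tasks:
    - name: ufw hosts (assumed here to be the Debian family)
      when: ansible_facts['os_family'] == 'Debian'
      block:
        - name: Allow port from each listed source
          community.general.ufw:
            rule: allow
            port: "{{ item.0.port | string }}"
            proto: "{{ item.0.proto }}"
            src: "{{ item.1 }}"
          loop: "{{ restricted }}"
        - name: Allow port from any source
          community.general.ufw:
            rule: allow
            port: "{{ item.port | string }}"
            proto: "{{ item.proto }}"
          loop: "{{ unrestricted }}"
    - name: firewalld hosts (assumed here to be the RedHat family)
      when: ansible_facts['os_family'] == 'RedHat'
      block:
        - name: Allow port from each listed source via a rich rule
          ansible.posix.firewalld:
            rich_rule: >-
              rule family="ipv4" source address="{{ item.1 }}"
              port port="{{ item.0.port }}" protocol="{{ item.0.proto }}" accept
            permanent: true
            immediate: true
            state: enabled
          loop: "{{ restricted }}"
        - name: Allow port from any source
          ansible.posix.firewalld:
            port: "{{ item.port }}/{{ item.proto }}"
            permanent: true
            immediate: true
            state: enabled
          loop: "{{ unrestricted }}"
```

Allow rules are additive, so a source restriction only takes effect if no broader rule for the same port is already present on the host. The rich rule above covers IPv4 sources only; IPv6 sources need a matching `family="ipv6"` rule.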