authorMilo Casagrande <milo.casagrande@linaro.org>2014-12-23 15:07:52 +0100
committerMilo Casagrande <milo.casagrande@linaro.org>2014-12-23 15:07:52 +0100
commit4c4a05f6f5cd8d8e07d7f38dd0d567f862c324ce (patch)
treefc1cb5b14443abf1004155146dea461929bcb53b /ansible/roles
parent365266db9afaba7add6d847016f2d7929ab16de1 (diff)
ansible: Fix firewall role.
Change-Id: I3f68bb22351fca830a3b9a741033d8c3a773f39d
Diffstat (limited to 'ansible/roles')
-rw-r--r--ansible/roles/firewall/tasks/main.yml36
1 files changed, 23 insertions, 13 deletions
diff --git a/ansible/roles/firewall/tasks/main.yml b/ansible/roles/firewall/tasks/main.yml
index 0c960e7..4ed9268 100644
--- a/ansible/roles/firewall/tasks/main.yml
+++ b/ansible/roles/firewall/tasks/main.yml
@@ -1,39 +1,53 @@
---
-- name: Install UFW package
+- name: Install ufw package
apt: pkg=ufw
state=latest
update_cache=yes
tags:
- firewall
-- name: Allow traffic through port 53
+- name: Fix default config file
+ lineinfile: dest=/etc/default/ufw
+ backup=yes
+ regexp=^IPT_SYSCTL=
+ state=present
+ line=IPT_SYSCTL=/etc/sysctl.conf
+ tags:
+ - firewall
+
+- name: Enable logging
+ ufw: logging=low
+ tags:
+ - firewall
+
+- name: Allow dns traffic
ufw: rule=allow
port=53
tags:
- firewall
-- name: Allow SSH connections
+- name: Allow ssh connections
ufw: rule=allow
port=22
proto=tcp
tags:
- firewall
-- name: Rate limit SSH connections
+- name: Rate limit ssh connections
ufw: rule=limit
port=22
proto=tcp
tags:
- firewall
-- name: Accept connections on port 80
+- name: Accept web connections
ufw: rule=allow
port=80
proto=tcp
tags:
- firewall
-- name: Deny traffic and log it
+- name: Deny auth traffic and log it
ufw: rule=reject
port=auth
log=yes
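Review bot: The new `Fix default config file` task points `IPT_SYSCTL` at `/etc/sysctl.conf`, which means ufw no longer loads `/etc/ufw/sysctl.conf` at all; on Ubuntu that file is where ufw keeps its own network hardening (reverse-path filtering, ignoring ICMP broadcasts, refusing ICMP redirects), and `/etc/sysctl.conf` is already applied at boot by procps, so the net effect looks like losing those settings rather than gaining any. Unless the role manages equivalent keys in `/etc/sysctl.conf` somewhere not visible in this diff, I would either drop this task or mirror the ufw defaults into the file it now targets, and in either case put a why-comment above it, e.g. `# ufw now reads /etc/sysctl.conf; the hardening from /etc/ufw/sysctl.conf must be mirrored there`. Separately, the `Allow ssh connections` task undermines the `Rate limit ssh connections` task right after it: if I read ufw's rule matching correctly, two rules that differ only in action are the same rule, so each run flips 22/tcp to allow and then back to limit (never idempotent, and the limit is briefly absent); keeping only `rule=limit port=22 proto=tcp` gives the intended result.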
@@ -41,19 +55,15 @@
- firewall
- name: Accept Zabbix traffic
- ufw: rule=accept
+ ufw: rule=allow
direction=in
from={{ zabbix_ip }}
port=10050
- tags:
- - firewall
-
-- name: Enable logging
- ufw: logging=low
+ when: role == "production"
tags:
- firewall
- name: Enable ufw
- ufw: sate=enabled
+ ufw: state=enabled
tags:
- firewall
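Review bot: Nothing in the role sets a default policy before `state=enabled` at the end of this hunk, so the deny-incoming posture rests entirely on `DEFAULT_INPUT_POLICY` in `/etc/default/ufw` being left at the distro default, a file this role now edits with `lineinfile`. An explicit task ahead of `Enable ufw`, `ufw: direction=incoming policy=deny`, makes the intent visible in the playbook and survives a changed or hand-edited default. The Zabbix rule also lacks `proto=tcp`: the agent port is TCP-only as far as I know, so the rule as written opens UDP/10050 from `zabbix_ip` as well, and since `zabbix_ip` is interpolated unconditionally once `role == "production"` holds, an undefined variable fails the task rather than opening the port (fail-closed, which is fine, but worth a one-line comment above the task).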