author: Chris Lamb <chris@chris-lamb.co.uk> 2016-04-23 07:01:19 +0100
committer: René Moser <mail@renemoser.net> 2016-04-23 08:01:19 +0200
commit: 8d7d07020117c7bca9f66d3d17f72260a389ee31
tree: a0dd351557f7453333f1e3b2806d78ca7e272ee2 /system
parent: 7d9b73ec5ab987f2b16da67a3a2abb25f9792443
download: ansible-modules-extras-8d7d07020117c7bca9f66d3d17f72260a389ee31.tar.gz
system/ufw.py: Add security warning re. removing ufw application prof…
It's not particularly obvious that removing an application will remove it from ufw's own state, potentially leaving ports open on your box if you upload your configuration. Whilst this applies to a lot of things in Ansible, firewall rules might cross some sort of line that justifies such a warning in this instance.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Diffstat (limited to 'system')
-rw-r--r-- system/ufw.py 4
1 files changed, 3 insertions, 1 deletions
diff --git a/system/ufw.py b/system/ufw.py
index cd148edf..89376e7c 100644
--- a/system/ufw.py
+++ b/system/ufw.py
@@ -142,7 +142,9 @@ ufw: rule=reject port=auth log=yes
# for details. Typical usage is:
ufw: rule=limit port=ssh proto=tcp
-# Allow OpenSSH
+# Allow OpenSSH. (Note that as ufw manages its own state, simply removing
+# a rule=allow task can leave those ports exposed. Either use delete=yes
+# or a separate state=reset task)
ufw: rule=allow name=OpenSSH
# Delete OpenSSH rule
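Review bot: the warning added above `ufw: rule=allow name=OpenSSH` is attached to a single example, but the caveat it states (ufw manages its own state, so removing a rule=allow task does not remove the rule) applies equally to the other rule examples in this block, such as `rule=reject port=auth` and `rule=limit port=ssh`. Suggest stating it once where it covers every rule, and keeping the comment here to a short pointer. Two wording points in the added lines: "those ports" has no antecedent, since this example names an application profile (name=OpenSSH) rather than a port, and the comment offers "a separate state=reset task" as an alternative to delete=yes without saying what else a reset affects, so a reader cannot tell from the comment whether it is safe to use alongside other rules. The parenthetical also runs across three comment lines and ends without a full stop.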