firewall.yml aktualisiert

firewall.yml

@@ -3,6 +3,7 @@
 - name: Firewall with ufw
   hosts: all
   tasks:
+
     - name: Install Basic Packages
       apt:
         name: 
@@ -10,17 +11,31 @@
         update_cache: no
         install_recommends: no
 
+    - name: check this system has hardening flag set
+      stat: 
+        path: /etc/dohardening
+      register: hardening
+
     - name: Allow all access to tcp port 22 (ssh)
       community.general.ufw:
         rule: deny
         port: '22'
         proto: tcp
+      when: hardening.exists
 
     - name: Allow all access to tcp port 33 (ssh)
       community.general.ufw:
         rule: allow
         port: '33'
         proto: tcp
+      when: hardening.exists
+
+    - name: Allow all access to tcp port 22 (ssh)
+      community.general.ufw:
+        rule: allow
+        port: '22'
+        proto: tcp
+      when: hardening is undefined
 
     - name: Deny everything per policy and enable UFW
       community.general.ufw: