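---
# Host firewall baseline using ufw.
#
# Order matters: every allow rule is added BEFORE ufw is enabled with a
# default-deny policy, so a management session coming from an allowed source
# is not cut off when the firewall is switched on.
#
# NOTE(review): the source-based rules below set no port or protocol, so every
# listening service on the host is reachable from each listed network. A
# source-network allow list is not authentication; exposed services still need
# their own access control, and narrowing these rules to the ports actually
# required would reduce the exposure.

- name: Install ufw packages
  package:
    name: ufw
    state: present
  become: true

# Private (RFC 1918) address space: allowed on all ports and protocols.
- name: Allow all access from RFC1918 networks to this hosts
  ufw:
    rule: allow
    src: '{{ item }}'
  with_items:
    - 10.0.0.0/8
    - 172.16.0.0/12
    - 192.168.0.0/16
  become: true

# Statically maintained list of networks treated as "Comcast IP space".
#
# Changes from the previous revision:
#   * src was '{{ item }} ' (trailing space inside the quotes), which passed
#     each address to ufw with a stray trailing blank; it is now '{{ item }}',
#     matching the RFC1918 task above.
#   * the duplicated 169.152.0.0/16 entry is listed once.
#
# NOTE(review): entries that look out of place and should be confirmed against
# the authoritative allocation data before being trusted:
#   * 232.x.x.x and 239.x.x.x lie in the IPv4 multicast range (224.0.0.0/4),
#     which is not used as a unicast source address, so these rules are not
#     expected to match ordinary inbound connections.
#   * 100.96.0.0/11 lies inside the RFC 6598 shared address space
#     (100.64.0.0/10) used for carrier-grade NAT.
#   * 72.94.169.223/32 and 3.81.241.149 are single hosts in an otherwise
#     network-level list; record their owner and purpose, or remove them.
# The list includes very large blocks (for example 73.0.0.0/8 and
# 50.128.0.0/9), and a hand-maintained list goes stale as allocations change,
# so it needs periodic review.
- name: Allow all access from any Comcast IP Space
  ufw:
    rule: allow
    src: '{{ item }}'
  with_items:
    - 72.94.169.223/32
    - 100.96.0.0/11
    - 103.72.193.0/24
    - 107.0.0.0/14
    - 107.4.0.0/15
    - 108.171.224.0/20
    - 147.191.0.0/16
    - 162.148.0.0/14
    - 162.17.0.0/16
    - 165.137.0.0/16
    - 169.152.0.0/16
    - 173.160.0.0/13
    - 173.8.0.0/13
    - 174.160.0.0/11
    - 174.48.0.0/12
    - 184.108.0.0/14
    - 184.112.0.0/12
    - 193.57.148.0/22
    - 198.0.0.0/16
    - 198.137.252.0/23
    - 198.178.8.0/21
    - 207.223.0.0/20
    - 208.110.192.0/19
    - 208.39.128.0/18
    - 209.23.192.0/18
    - 216.45.128.0/17
    - 23.24.0.0/15
    - 23.30.0.0/15
    - 23.68.0.0/14
    - 232.128.0.0/13
    - 232.232.0.0/14
    - 232.36.0.0/14
    - 232.40.0.0/14
    - 232.44.0.0/14
    - 232.48.0.0/14
    - 232.52.0.0/14
    - 232.56.0.0/14
    - 232.64.0.0/14
    - 232.80.0.0/14
    - 232.96.0.0/14
    - 239.12.0.0/14
    - 239.16.0.0/14
    - 239.20.0.0/14
    - 239.24.0.0/14
    - 239.28.0.0/14
    - 239.32.0.0/14
    - 24.0.0.0/12
    - 24.104.0.0/17
    - 24.104.128.0/19
    - 24.118.0.0/16
    - 24.124.128.0/17
    - 24.125.0.0/16
    - 24.126.0.0/15
    - 24.128.0.0/16
    - 24.129.0.0/17
    - 24.130.0.0/15
    - 24.147.0.0/16
    - 24.149.128.0/17
    - 24.153.64.0/19
    - 24.153.72.0/21
    - 24.16.0.0/13
    - 24.218.0.0/16
    - 24.245.0.0/18
    - 24.30.0.0/17
    - 24.34.0.0/16
    - 24.40.0.0/18
    - 24.40.64.0/20
    - 24.60.0.0/14
    - 24.91.0.0/16
    - 24.98.0.0/15
    - 3.81.241.149
    - 50.128.0.0/9
    - 50.73.0.0/16
    - 50.76.0.0/14
    - 64.139.64.0/19
    - 64.235.160.0/19
    - 64.56.32.0/19
    - 64.78.64.0/18
    - 65.34.128.0/17
    - 65.96.0.0/16
    - 66.176.0.0/15
    - 66.208.192.0/18
    - 66.229.0.0/16
    - 66.240.0.0/18
    - 66.30.0.0/15
    - 66.41.0.0/16
    - 66.56.0.0/18
    - 67.160.0.0/11
    - 67.178.0.0/17
    - 67.178.128.0/17
    - 67.179.0.0/16
    - 68.32.0.0/11
    - 68.80.0.0/13
    - 68.85.0.0/20
    - 68.85.128.0/17
    - 68.85.16.0/20
    - 68.85.32.0/19
    - 68.85.64.0/18
    - 68.86.0.0/18
    - 68.86.128.0/17
    - 68.86.64.0/18
    - 68.87.0.0/20
    - 68.87.128.0/18
    - 68.87.16.0/20
    - 68.87.192.0/19
    - 68.87.224.0/20
    - 68.87.240.0/20
    - 68.87.32.0/19
    - 68.87.64.0/18
    - 69.136.0.0/13
    - 69.139.128.0/20
    - 69.139.144.0/20
    - 69.139.160.0/19
    - 69.139.192.0/18
    - 69.180.0.0/15
    - 69.240.0.0/12
    - 70.88.0.0/14
    - 71.192.0.0/12
    - 71.224.0.0/12
    - 71.24.0.0/14
    - 71.56.0.0/13
    - 72.55.0.0/17
    - 73.0.0.0/8
    - 74.144.0.0/12
    - 74.16.0.0/12
    - 74.81.128.0/19
    - 74.92.0.0/14
    - 75.144.0.0/13
    - 75.64.0.0/13
    - 75.72.0.0/15
    - 75.74.0.0/16
    - 75.75.0.0/17
    - 75.75.128.0/18
    - 75.75.72.0/21
    - 76.128.0.0/11
    - 76.16.0.0/12
    - 76.96.0.0/11
    - 96.100.0.0/14
    - 96.106.0.0/15
    - 96.108.0.0/17
    - 96.108.128.0/18
    - 96.108.192.0/19
    - 96.108.224.0/19
    - 96.109.0.0/16
    - 96.110.0.0/16
    - 96.111.0.0/16
    - 96.112.0.0/13
    - 96.120.0.0/14
    - 96.124.0.0/16
    - 96.128.0.0/10
    - 96.192.0.0/11
    - 96.64.0.0/11
    - 96.96.0.0/12
    - 98.192.0.0/10
    - 98.205.0.0/16
    - 98.241.0.0/16
    - 98.32.0.0/11
  become: true

# DHCP runs over UDP only. Without an explicit proto, ufw opens the port for
# both TCP and UDP, so the rule is limited to UDP here.
# NOTE(review): port 67 is the DHCP *server* port and this rule has no source
# restriction; confirm this host really serves DHCP. A host that is only a
# DHCP client should not need inbound 67 opened.
- name: Allow DHCP
  ufw:
    rule: allow
    to_port: 67
    proto: udp
  become: true
  tags: ufw_dhcp

# Switch the firewall on last, with a default policy of deny, so that only
# the rules added above admit traffic.
- name: Enable UFW
  ufw:
    state: enabled
    policy: deny
  become: true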