Native YAML - system (#3625)

* Native YAML - system * Remove comment that is not applicable to the code
2025-10-08 09:24:01 -07:00 · 2016-12-02 15:48:22 +00:00 · 2016-12-02 15:48:22 +00:00 · cc25f24475
commit cc25f24475
parent 737c6afb54
26 changed files with 514 additions and 135 deletions
--- a/lib/ansible/modules/extras/system/ufw.py
+++ b/lib/ansible/modules/extras/system/ufw.py
@ -125,60 +125,103 @@ options:

 EXAMPLES = '''
 # Allow everything and enable UFW
-ufw: state=enabled policy=allow
+- ufw:
+    state: enabled
+    policy: allow

 # Set logging
-ufw: logging=on
+- ufw:
+    logging: on

 # Sometimes it is desirable to let the sender know when traffic is
 # being denied, rather than simply ignoring it. In these cases, use
 # reject instead of deny. In addition, log rejected connections:
-ufw: rule=reject port=auth log=yes
+- ufw:
+    rule: reject
+    port: auth
+    log: yes

 # ufw supports connection rate limiting, which is useful for protecting
 # against brute-force login attacks. ufw will deny connections if an IP
 # address has attempted to initiate 6 or more connections in the last
 # 30 seconds. See  http://www.debian-administration.org/articles/187
 # for details. Typical usage is:
-ufw: rule=limit port=ssh proto=tcp
+- ufw:
+    rule: limit
+    port: ssh
+    proto: tcp

 # Allow OpenSSH. (Note that as ufw manages its own state, simply removing
 # a rule=allow task can leave those ports exposed. Either use delete=yes
 # or a separate state=reset task)
-ufw: rule=allow name=OpenSSH
+- ufw:
+    rule: allow
+    name: OpenSSH

 # Delete OpenSSH rule
-ufw: rule=allow name=OpenSSH delete=yes
+- ufw:
+    rule: allow
+    name: OpenSSH
+    delete: yes

 # Deny all access to port 53:
-ufw: rule=deny port=53
+- ufw:
+    rule: deny
+    port: 53

 # Allow port range 60000-61000
-ufw: rule=allow port=60000:61000
+- ufw:
+    rule: allow
+    port: '60000:61000'

 # Allow all access to tcp port 80:
-ufw: rule=allow port=80 proto=tcp
+- ufw:
+    rule: allow
+    port: 80
+    proto: tcp

 # Allow all access from RFC1918 networks to this host:
-ufw: rule=allow src={{ item }}
-with_items:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
+- ufw:
+    rule: allow
+    src: '{{ item }}'
+  with_items:
+    - 10.0.0.0/8
+    - 172.16.0.0/12
+    - 192.168.0.0/16

 # Deny access to udp port 514 from host 1.2.3.4:
-ufw: rule=deny proto=udp src=1.2.3.4 port=514
+- ufw:
+    rule: deny
+    proto: udp
+    src: 1.2.3.4
+    port: 514

 # Allow incoming access to eth0 from 1.2.3.5 port 5469 to 1.2.3.4 port 5469
-ufw: rule=allow interface=eth0 direction=in proto=udp src=1.2.3.5 from_port=5469 dest=1.2.3.4 to_port=5469
+- ufw:
+    rule: allow
+    interface: eth0
+    direction: in
+    proto: udp
+    src: 1.2.3.5
+    from_port: 5469
+    dest: 1.2.3.4
+    to_port: 5469

 # Deny all traffic from the IPv6 2001:db8::/32 to tcp port 25 on this host.
 # Note that IPv6 must be enabled in /etc/default/ufw for IPv6 firewalling to work.
-ufw: rule=deny proto=tcp src=2001:db8::/32 port=25
+- ufw:
+    rule: deny
+    proto: tcp
+    src: '2001:db8::/32'
+    port: 25

 # Deny forwarded/routed traffic from subnet 1.2.3.0/24 to subnet 4.5.6.0/24.
 # Can be used to further restrict a global FORWARD policy set to allow
-ufw: rule=deny route=yes src=1.2.3.0/24 dest=4.5.6.0/24
+- ufw:
+    rule: deny
+    route: yes
+    src: 1.2.3.0/24
+    dest: 4.5.6.0/24
 '''

 from operator import itemgetter