Ansible module documentation: ufw

---
module: ufw
short_description: Manage firewall with UFW
description:
  - Manage firewall with UFW.
version_added: 1.6
author:
  - Aleksey Ovcharenko (@ovcharenko)
  - Jarno Keskikangas (@pyykkis)
  - Ahti Kitsik (@ahtik)
notes:
  - See C(man ufw) for more examples.
requirements:
  - C(ufw) package
options:
  state:
    description:
      - C(enabled) reloads firewall and enables firewall on boot.
      - C(disabled) unloads firewall and disables firewall on boot.
      - C(reloaded) reloads firewall.
      - C(reset) disables and resets firewall to installation defaults.
    type: str
    choices: [ disabled, enabled, reloaded, reset ]
  default:
    description:
      - Change the default policy for incoming or outgoing traffic.
    type: str
    choices: [ allow, deny, reject ]
    aliases: [ policy ]
  direction:
    description:
      - Select direction for a rule or default policy command.
    type: str
    choices: [ in, incoming, out, outgoing, routed ]
  logging:
    description:
      - Toggles logging. Logged packets use the LOG_KERN syslog facility.
    type: str
    choices: [ 'on', 'off', low, medium, high, full ]
  insert:
    description:
      - Insert the corresponding rule as rule number NUM.
      - Note that ufw numbers rules starting with 1.
    type: int
  insert_relative_to:
    description:
      - Allows to interpret the index in I(insert) relative to a position.
      - C(zero) interprets the rule number as an absolute index (i.e. 1 is
        the first rule).
      - C(first-ipv4) interprets the rule number relative to the index of the
        first IPv4 rule, or relative to the position where the first IPv4 rule
        would be if there is currently none.
      - C(last-ipv4) interprets the rule number relative to the index of the
        last IPv4 rule, or relative to the position where the last IPv4 rule
        would be if there is currently none.
      - C(first-ipv6) interprets the rule number relative to the index of the
        first IPv6 rule, or relative to the position where the first IPv6 rule
        would be if there is currently none.
      - C(last-ipv6) interprets the rule number relative to the index of the
        last IPv6 rule, or relative to the position where the last IPv6 rule
        would be if there is currently none.
    type: str
    choices: [ first-ipv4, first-ipv6, last-ipv4, last-ipv6, zero ]
    default: zero
    version_added: "2.8"
  rule:
    description:
      - Add firewall rule
    type: str
    choices: [ allow, deny, limit, reject ]
  log:
    description:
      - Log new connections matched to this rule
    type: bool
  from_ip:
    description:
      - Source IP address.
    type: str
    default: any
    aliases: [ from, src ]
  from_port:
    description:
      - Source port.
    type: str
  to_ip:
    description:
      - Destination IP address.
    type: str
    default: any
    aliases: [ dest, to ]
  to_port:
    description:
      - Destination port.
    type: str
    aliases: [ port ]
  proto:
    description:
      - TCP/IP protocol.
    type: str
    choices: [ any, tcp, udp, ipv6, esp, ah, gre, igmp ]
    aliases: [ protocol ]
  name:
    description:
      - Use profile located in C(/etc/ufw/applications.d).
    type: str
    aliases: [ app ]
  delete:
    description:
      - Delete rule.
    type: bool
  interface:
    description:
      - Specify interface for rule.
    type: str
    aliases: [ if ]
  route:
    description:
      - Apply the rule to routed/forwarded packets.
    type: bool
  comment:
    description:
      - Add a comment to the rule. Requires UFW version >=0.35.
    type: str
    version_added: "2.4"

Examples

- name: Allow everything and enable UFW
  ufw:
    state: enabled
    policy: allow

- name: Set logging
  ufw:
    logging: 'on'

# Sometimes it is desirable to let the sender know when traffic is
# being denied, rather than simply ignoring it. In these cases, use
# reject instead of deny. In addition, log rejected connections:
- ufw:
    rule: reject
    port: auth
    log: yes

# ufw supports connection rate limiting, which is useful for protecting
# against brute-force login attacks. ufw will deny connections if an IP
# address has attempted to initiate 6 or more connections in the last
# 30 seconds. See http://www.debian-administration.org/articles/187
# for details. Typical usage is:
- ufw:
    rule: limit
    port: ssh
    proto: tcp

# Allow OpenSSH. (Note that as ufw manages its own state, simply removing
# a rule=allow task can leave those ports exposed. Either use delete=yes
# or a separate state=reset task)
- ufw:
    rule: allow
    name: OpenSSH

- name: Delete OpenSSH rule
  ufw:
    rule: allow
    name: OpenSSH
    delete: yes

- name: Deny all access to port 53
  ufw:
    rule: deny
    port: '53'

- name: Allow port range 60000-61000
  ufw:
    rule: allow
    port: 60000:61000
    proto: tcp

- name: Allow all access to tcp port 80
  ufw:
    rule: allow
    port: '80'
    proto: tcp

- name: Allow all access from RFC1918 networks to this host
  ufw:
    rule: allow
    src: '{{ item }}'
  loop:
    - 10.0.0.0/8
    - 172.16.0.0/12
    - 192.168.0.0/16

- name: Deny access to udp port 514 from host 1.2.3.4 and include a comment
  ufw:
    rule: deny
    proto: udp
    src: 1.2.3.4
    port: '514'
    comment: Block syslog

- name: Allow incoming access to eth0 from 1.2.3.5 port 5469 to 1.2.3.4 port 5469
  ufw:
    rule: allow
    interface: eth0
    direction: in
    proto: udp
    src: 1.2.3.5
    from_port: '5469'
    dest: 1.2.3.4
    to_port: '5469'

# Note that IPv6 must be enabled in /etc/default/ufw for IPv6 firewalling to work.
- name: Deny all traffic from the IPv6 2001:db8::/32 to tcp port 25 on this host
  ufw:
    rule: deny
    proto: tcp
    src: 2001:db8::/32
    port: '25'

- name: Deny all IPv6 traffic to tcp port 20 on this host
  # this should be the first IPv6 rule
  ufw:
    rule: deny
    proto: tcp
    port: '20'
    to_ip: "::"
    insert: 0
    insert_relative_to: first-ipv6

- name: Deny all IPv4 traffic to tcp port 20 on this host
  # This should be the third to last IPv4 rule
  # (insert: -1 addresses the second to last IPv4 rule;
  #  so the new rule will be inserted before the second
  #  to last IPv4 rule, and will become the third to last
  #  IPv4 rule.)
  ufw:
    rule: deny
    proto: tcp
    port: '20'
    to_ip: "::"
    insert: -1
    insert_relative_to: last-ipv4

# Can be used to further restrict a global FORWARD policy set to allow
- name: Deny forwarded/routed traffic from subnet 1.2.3.0/24 to subnet 4.5.6.0/24
  ufw:
    rule: deny
    route: yes
    src: 1.2.3.0/24
    dest: 4.5.6.0/24