--- - name: Enable ufw ufw: state: enabled # ############################################ - name: Make sure logging is off ufw: logging: no - name: Logging (check mode) ufw: logging: yes check_mode: yes register: logging_check - name: Logging ufw: logging: yes register: logging - name: Get logging shell: | ufw status verbose | grep "^Logging:" register: ufw_logging environment: LC_ALL: C - name: Logging (idempotency) ufw: logging: yes register: logging_idem - name: Logging (idempotency, check mode) ufw: logging: yes check_mode: yes register: logging_idem_check - name: Logging (change, check mode) ufw: logging: full check_mode: yes register: logging_change_check - name: Logging (change) ufw: logging: full register: logging_change - name: Get logging shell: | ufw status verbose | grep "^Logging:" register: ufw_logging_change environment: LC_ALL: C - assert: that: - logging_check is changed - logging is changed - "ufw_logging.stdout == 'Logging: on (low)'" - logging_idem is not changed - logging_idem_check is not changed - "ufw_logging_change.stdout == 'Logging: on (full)'" - logging_change is changed - logging_change_check is changed # ############################################ - name: Default (check mode) ufw: default: reject direction: incoming check_mode: yes register: default_check - name: Default ufw: default: reject direction: incoming register: default - name: Get defaults shell: | ufw status verbose | grep "^Default:" register: ufw_defaults environment: LC_ALL: C - name: Default (idempotency) ufw: default: reject direction: incoming register: default_idem - name: Default (idempotency, check mode) ufw: default: reject direction: incoming check_mode: yes register: default_idem_check - name: Default (change, check mode) ufw: default: allow direction: incoming check_mode: yes register: default_change_check - name: Default (change) ufw: default: allow direction: incoming register: default_change - name: Get defaults shell: | ufw status verbose | grep "^Default:" register: ufw_defaults_change environment: LC_ALL: C - name: Default (change again) ufw: default: deny direction: incoming register: default_change_2 - name: Default (change all, check mode) ufw: default: allow check_mode: yes register: default_change_all_check - name: Default (change all) ufw: default: allow register: default_change_all - name: Get defaults shell: | ufw status verbose | grep "^Default:" register: ufw_defaults_change_all environment: LC_ALL: C - name: Default (change all, idempotent, check mode) ufw: default: allow check_mode: yes register: default_change_all_idem_check - name: Default (change all, idempotent) ufw: default: allow register: default_change_all_idem - assert: that: - default_check is changed - default is changed - "'reject (incoming)' in ufw_defaults.stdout" - default_idem is not changed - default_idem_check is not changed - default_change_check is changed - default_change is changed - "'allow (incoming)' in ufw_defaults_change.stdout" - default_change_2 is changed - default_change_all_check is changed - default_change_all is changed - default_change_all_idem_check is not changed - default_change_all_idem is not changed - "'allow (incoming)' in ufw_defaults_change_all.stdout" - "'allow (outgoing)' in ufw_defaults_change_all.stdout"