improve documentation

we have elected to define networks in IT-Handbook added clearer examples that use this #5559 Our previous values matched a format that is no longer true Co-authored-by: Vickie Karasic <[email protected]>
pulibrary · Dec 20, 2024 · db67906 · db67906
1 parent 7ee0f8d
commit db67906
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 20 deletions.
diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
@@ -148,7 +148,7 @@ ufw_campus_and_vpn:
   - 172.20.95.0/24 # Princeton VPN Subnet 1
   - 172.20.192.0/19 # Princeton VPN Subnet 2
 ufw_libnet:
-  - 128.112.0.0/16 # Princeton Wired
+  - 128.112.0.0/16 # Princeton Wired (Historically Forrestal Network)
   - 128.112.200.0/21 # PU Subnet - LibNet
 # Disallow
   # - 10.8.0.0/15 #Princeton Eduroam Secure Servicenet

diff --git a/roles/ufw_firewall/README.md b/roles/ufw_firewall/README.md
@@ -1,6 +1,6 @@
 # UFW Firewall Role
 
-This Ansible role configures the Uncomplicated Firewall (UFW) on our Linux systems. It allows you to define allowed and denied networks and ports, making it easy to manage your firewall rules.
+This Ansible role configures the Uncomplicated Firewall (UFW) on our Linux systems. It allows you to define allowed and denied networks and ports, making it easy to manage your firewall rules. Further descriptions of the networks will be on [IT-Handbook](https://github.com/pulibrary/pul-it-handbook)
 
 ## Requirements
 
@@ -16,24 +16,11 @@ the examples below allow ssh, http, and redis to those CIDR subnets. For ssh mak
 ```yaml
 ufw_firewall_rules:
   - protocol: tcp
-    source: 10.249.64.0/18
-    port: 22
-    action: ACCEPT
-  - protocol: tcp
-    source: 128.112.200.0/21
-    protocol: tcp
-    allowed_cidrs:
-      - 128.112.200.0/21
-  - service: http
-    protocol: tcp
-    allowed_cidrs: "{{ ufw_campus_and_vpn }}"
-  - service: http
+    source: "{{ ufw_campus_and_vpn }}"
     port: 80
     action: ACCEPT
   - protocol: tcp
-    source: 128.112.200.0/21
-    protocol: tcp
-    allowed_cidrs:
-      - 128.112.200.0/21
-      - 128.112.0.0/16
+    source: "{{ ufw_libnet }}"
+    port: 22
+    action: ACCEPT
 ```
diff --git a/roles/ufw_firewall/defaults/main.yml b/roles/ufw_firewall/defaults/main.yml
@@ -3,7 +3,7 @@ ufw_firewall_rules:
   - service: ssh
     port: 22
     protocol: tcp
-    allowed_cidrs: "{{ ufw_campus_and_vpn }}" 
+    allowed_cidrs: "{{ ufw_campus_and_vpn }}"
 # example of http in your group_vars/project
   #  - service: http
     #  port: 80