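---
# Host firewall baseline using ufw: default-deny inbound, default-allow
# outbound, a short list of explicit inbound allow rules, logging turned on,
# and the firewall enabled only as the final task.

- name: Install ufw
  ansible.builtin.package:
    name: ufw
    state: present

# Egress is unrestricted. NOTE(review): a default-allow outbound policy does
# nothing to contain a compromised service; tighten if the host's outbound
# needs are known.
- name: Permit outgoing flows
  community.general.ufw:
    default: allow
    direction: outgoing

- name: Deny incoming flows
  community.general.ufw:
    default: deny
    direction: incoming

# The SSH allow rule is added before the "Enable UFW" task so management
# access is already permitted when the firewall comes up.
# NOTE(review): SSH is open to every source address; consider a `src`
# allowlist or `rule: limit` if admin access comes from known networks.
- name: Allow incoming SSH
  community.general.ufw:
    rule: allow
    port: ssh
    proto: tcp

# NOTE(review): only cleartext HTTP is opened here; no HTTPS rule exists in
# this file. Confirm that is intended.
- name: Allow incoming HTTP
  community.general.ufw:
    rule: allow
    port: http
    proto: tcp

# SMTP is restricted to the source addresses in ufw_allowed_smtp_ips, which
# must be defined elsewhere (inventory, group_vars or role defaults).
# proto is pinned to tcp, matching the SSH and HTTP rules: SMTP runs over TCP
# only, and without proto the rule would also admit UDP on that port.
- name: Allow incoming SMTP
  community.general.ufw:
    rule: allow
    port: smtp
    proto: tcp
    src: "{{ item }}"
  loop: "{{ ufw_allowed_smtp_ips }}"

# No proto is given, so the rule is not limited to one protocol; DNS uses both
# UDP and TCP.
# NOTE(review): the rule has no `src` restriction. If this host runs a
# recursive resolver, an open port 53 can be abused for amplification;
# confirm the service is meant to be reachable from anywhere.
- name: Allow incoming DNS
  community.general.ufw:
    rule: allow
    port: domain

# "on" stays quoted so YAML 1.1 parsers do not turn it into a boolean.
- name: Set logging
  community.general.ufw:
    logging: "on"

# Enabled last, after the default policies and every allow rule are in place.
- name: Enable UFW
  community.general.ufw:
    state: enabled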