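---
# Host firewall baseline with ufw: deny inbound by default, allow outbound by
# default, then open only the ports listed in `ufw_allow`.
#
# `ufw_allow` is defined outside this file. Each entry is either a bare port
# (constructed example: 22) or a mapping with `port` and an optional `proto`
# (tcp when omitted).
#
# NOTE(review): because the inbound default is deny, the port used to manage
# the host must be present in `ufw_allow`, otherwise new management
# connections are refused once ufw is active. Confirm against whatever
# supplies `ufw_allow`.

- name: install base packages
  apt:
    name: ufw
    state: present
    update_cache: true

# The default policies are written before the allow rules; ufw is switched on
# only by the final task. NOTE(review): on a host where ufw is already
# enabled, the deny default presumably applies as soon as this task runs.
- name: deny all incoming traffic
  ufw:
    policy: deny
    direction: incoming

- name: allow all outgoing traffic
  ufw:
    policy: allow
    direction: outgoing

# One allow rule per `ufw_allow` entry. No source address restriction is set
# here, so each listed port is opened to every peer.
# `default` is used instead of `'port' in item`: the `in` test raises a
# templating error when the entry is an integer such as an unquoted port.
- name: incoming rules
  ufw:
    rule: allow
    direction: in
    to_port: "{{ item.port | default(item) }}"
    proto: "{{ item.proto | default('tcp') }}"
  loop: "{{ ufw_allow }}"

# Enabled last, so the rule set above is already in place when filtering
# starts on a host where ufw was previously inactive.
- name: enable ufw
  ufw:
    state: enabled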