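---
# Host firewall baseline with ufw: install the package, set the default
# policies (deny incoming, allow outgoing), open the TCP ports listed in
# `ufw_allow_in`, then enable the firewall.
#
# ufw is enabled only in the final task, so on a host where it is not yet
# active the allow rules exist before filtering starts. On a host where ufw
# is already enabled, the default-deny policy applies as soon as its task
# runs.

# Fail before changing anything if the allow-list is missing or empty.
# Without this check, an empty list skips the allow task and the play then
# enables a firewall that denies all incoming traffic, including the SSH
# session Ansible uses.
- name: verify that the incoming allow-list is populated
  assert:
    that:
      - ufw_allow_in is defined
      - 'ufw_allow_in != []'
    msg: >-
      ufw_allow_in must list at least one TCP port (including the SSH
      port used to manage this host) before ufw is enabled.

- name: install base packages
  apt:
    name: ufw
    state: present
    # Refresh the package index so the install does not use a stale cache.
    update_cache: true

# Default policy for inbound traffic: anything without an explicit allow
# rule below is dropped.
- name: deny all incoming traffic
  ufw:
    policy: deny
    direction: incoming

# Default policy for outbound traffic is left open.
# NOTE(review): egress is unrestricted; confirm this matches the host's
# role, since this play does not limit outbound connections.
- name: allow all outgoing traffic
  ufw:
    policy: allow
    direction: outgoing

# One allow rule per entry of `ufw_allow_in`, TCP only. The variable is not
# defined in this file; the task name implies that it holds the SSH and web
# server ports. Confirm where it is set.
# NOTE(review): `rule: allow` puts no rate limit on any port. The ufw module
# also accepts `rule: limit`, which may suit the SSH port if it is managed
# in a separate task.
- name: allow incoming traffic for ssh and web server
  ufw:
    rule: allow
    direction: in
    # Quoted so that the templated value is always parsed as a string.
    to_port: "{{ item }}"
    proto: tcp
  with_items: "{{ ufw_allow_in }}"

# Kept as the last task so that the policies and rules above are in place
# before ufw is switched on.
- name: enable ufw
  ufw:
    state: enabled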