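# ===================================================================================================
# ? ABOUT
# @author : Noah Knegt
# @email : personal@noahknegt.com
# @repo : https://git.noahknegt.com/noah.knegt/ansible-automations
# @createdOn : 01-06-2023
# @description : Installs UFW, sets default-deny inbound / default-allow outbound
#                policies, and opens SSH plus the RFC1918 source ranges.
# ===================================================================================================
---
# NOTE(review): nothing in this file turns the firewall on (`state: enabled`).
# Confirm that happens elsewhere in the role; until ufw is enabled, none of the
# policies or rules below are enforced.

- name: Install UFW
  ansible.builtin.package:
    name: ufw
    state: present

# Default policies: drop unsolicited inbound traffic, permit all outbound.
- name: UFW deny all incoming traffic
  community.general.ufw:
    default: deny
    direction: incoming

- name: UFW allow all outbound traffic
  community.general.ufw:
    default: allow
    direction: outgoing

# Every port on this host becomes reachable from any private-range source.
# ufw stops at the first matching rule, and these rules are added before the
# SSH rules below, so private-range sources are also exempt from SSH rate
# limiting. On shared or cloud networks a private address is not a trust
# boundary - narrow these ranges to the actual management subnets if possible.
- name: Allow all access from RFC1918 networks to this host
  community.general.ufw:
    direction: incoming
    rule: allow
    src: "{{ item }}"
  loop:
    - "10.0.0.0/8"
    - "172.16.0.0/12"
    - "192.168.0.0/16"

# `limit` accepts connections but throttles repeated attempts from one source
# address. This rule is kept even when a custom port is configured;
# presumably to avoid a lockout while sshd is being moved - TODO confirm, and
# remove it once nothing listens on the default port.
- name: UFW allow default ssh port
  community.general.ufw:
    direction: incoming
    rule: limit
    port: ssh

# Matches the default-port rule: rate limited rather than a plain allow, and
# restricted to TCP. A numeric port without `proto` is opened for UDP as well,
# which SSH never uses.
# Hosts already provisioned with the earlier rule (`allow`, no proto) keep it
# until it is deleted explicitly; this task only adds the narrower rule.
- name: UFW allow custom ssh port
  when: setup_openssh_port is defined
  community.general.ufw:
    direction: incoming
    rule: limit
    port: "{{ setup_openssh_port }}"
    proto: tcp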