add firewall base role

playbooks/roles/firewall/tasks/main.yml

@@ -0,0 +1,43 @@
+#SPDX-License-Identifier: MIT-0
+---
+# tasks file for firewall
+#
+- name: Ensure ufw is installed
+  ansible.builtin.apt:
+    name: ufw
+    state: present
+    update_cache: true
+  become: true
+
+- name: Enable ufw
+  community.general.ufw:
+    state: enabled
+  become: true
+
+- name: Allow SSH
+  community.general.ufw:
+    rule: allow
+    port: 22
+    proto: tcp
+  become: true
+
+# Allow ports for check_mk
+- name: Allow port 161 for check_mk 
+  community.general.ufw:
+    rule: allow
+    port: 161
+    proto: udp
+  become: true
+- name: Allow port 6556 for check_mk
+  community.general.ufw:
+    rule: allow
+    port: 6556
+    proto: tcp
+  become: true
+
+# Set default policy
+- name: Set default incoming policy to deny
+  community.general.ufw:
+    default: deny
+    direction: incoming
+  become: true