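#SPDX-License-Identifier: MIT-0
---
# tasks file for firewall
#
# Order matters: the allow rules and the default policy are staged while ufw
# is still inactive, and the firewall is switched on last. ufw's stock incoming
# policy is "deny", so enabling it before the SSH rule exists leaves a window
# in which a failed or reconnecting play can lock Ansible out of the host.
#
# Optional variable read below (not defined in this file):
#   firewall_checkmk_source - source address or CIDR allowed to reach the
#   monitoring ports. Defaults to "any", which keeps the previous behaviour.

- name: Ensure ufw is installed
  ansible.builtin.apt:
    name: ufw
    state: present
    update_cache: true
  become: true

# Staged before ufw is enabled so the management channel always has a rule.
- name: Allow SSH
  community.general.ufw:
    rule: allow
    port: "22"
    proto: tcp
  become: true

# Allow ports for check_mk
# NOTE(review): both monitoring ports are reachable from any source unless
# firewall_checkmk_source is set. Depending on agent version and SNMP
# configuration these services may answer without strong authentication, so
# restricting them to the monitoring server's address is recommended.
- name: Allow port 161 for check_mk
  community.general.ufw:
    rule: allow
    port: "161"
    proto: udp
    from_ip: "{{ firewall_checkmk_source | default('any') }}"
  become: true

- name: Allow port 6556 for check_mk
  community.general.ufw:
    rule: allow
    port: "6556"
    proto: tcp
    from_ip: "{{ firewall_checkmk_source | default('any') }}"
  become: true

# Set default policy
# Applied before enabling so the firewall never runs with an unintended
# incoming default (for example a previously configured "allow").
- name: Set default incoming policy to deny
  community.general.ufw:
    default: deny
    direction: incoming
  become: true

# Last step: activate the firewall with rules and policy already in place.
- name: Enable ufw
  community.general.ufw:
    state: enabled
  become: true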