ansible/playbooks/roles/firewall/tasks/main.yml


#SPDX-License-Identifier: MIT-0
---
# tasks file for firewall
#
# Debian-family hosts only: install the ufw package through apt.
# The package index is refreshed as part of the same task (update_cache).
- name: Ensure ufw is installed on Debian
  when: ansible_facts['os_family'] == "Debian"
  become: true
  ansible.builtin.apt:
    update_cache: true
    name: ufw
    state: present
# Arch hosts only: install the ufw package through pacman.
# NOTE(review): update_cache refreshes the package database without a full
# system upgrade in this task; confirm the hosts are upgraded elsewhere, since
# installing against a freshly synced database is a partial upgrade on Arch.
- name: Ensure ufw is installed on Arch
  when: ansible_facts['os_family'] == "Archlinux"
  become: true
  community.general.pacman:
    update_cache: true
    name: ufw
    state: present
# Open 22/tcp on every host, with no os_family condition. This rule is added
# before the task that enables ufw, so the management connection is not cut
# off when the firewall comes up.
# NOTE(review): no source restriction is set, so SSH is reachable from any
# address; the module's from_ip parameter can narrow it to a management
# network if one exists.
- name: Allow SSH
  become: true
  community.general.ufw:
    proto: tcp
    port: '22'
    rule: allow
# Allow ports for check_mk
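# Debian-family hosts only: open 161/udp (SNMP) for check_mk polling.
#
# The original rule accepted this port from any source. SNMP is a
# reconnaissance target and SNMP v1/v2c rely on a shared community string, so
# the rule should be scoped to the monitoring server. Set
# firewall_checkmk_source (an address or CIDR) in the inventory to do that.
# When the variable is unset or empty the rule falls back to 'any', which is
# the module default and matches the previous behaviour.
- name: Allow port 161 for check_mk
  community.general.ufw:
    rule: allow
    port: '161'
    proto: udp
    from_ip: "{{ firewall_checkmk_source | default('any', true) }}"
  become: true
  when: ansible_facts["os_family"] == "Debian"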
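# Debian-family hosts only: open 6556/tcp for the check_mk agent.
#
# The original rule accepted this port from any source. Depending on agent
# version and configuration, the agent may hand detailed host data to any
# client that connects, so the rule should be scoped to the monitoring
# server. Set firewall_checkmk_source (an address or CIDR) in the inventory
# to do that. When the variable is unset or empty the rule falls back to
# 'any', which is the module default and matches the previous behaviour.
- name: Allow port 6556 for check_mk
  community.general.ufw:
    rule: allow
    port: '6556'
    proto: tcp
    from_ip: "{{ firewall_checkmk_source | default('any', true) }}"
  become: true
  when: ansible_facts["os_family"] == "Debian"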
# Turn the firewall on. This is the last task in the file, so the allow rules
# above are already in place when filtering starts.
# NOTE(review): no default policy is set here, so the effective incoming
# policy is whatever the host already has configured. Pinning it with the
# module's policy/direction parameters (deny, incoming) would make the role
# enforce default-deny instead of assuming it.
- name: Enable ufw
  become: true
  community.general.ufw:
    state: enabled