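---
# Configure UFW firewall.
#
# End state: incoming traffic denied by default, outgoing traffic allowed by
# default, one allow rule per entry of `ufw_allowed_ports`, and UFW enabled.
#
# `ufw_allowed_ports` is a list of mappings. `port` is required; `proto` and
# `comment` are optional. Constructed example:
#   ufw_allowed_ports:
#     - { port: 22, proto: tcp, comment: "SSH" }
#
# NOTE(review): the list must include the port Ansible connects on (normally
# SSH). With default-deny incoming and no matching allow rule, the host becomes
# unreachable once UFW is active. The variable is deliberately not defaulted to
# an empty list, so a missing definition fails the play instead of silently
# enabling a firewall with no inbound exceptions.

# Allow rules are added before the default policy is tightened. On a host
# where UFW is already active, a policy change takes effect immediately, so
# the exceptions need to exist first.
- name: Allow required ports
  community.general.ufw:
    rule: allow
    port: "{{ item.port | string }}"
    # When `proto` is omitted the rule is not limited to a single protocol.
    proto: "{{ item.proto | default(omit) }}"
    comment: "{{ item.comment | default(omit) }}"
    # No source restriction is set, so each rule matches any source address.
    # Use `from_ip` in a separate task for services that should only be
    # reachable from a management network.
  loop: "{{ ufw_allowed_ports }}"

- name: Set UFW default deny incoming
  community.general.ufw:
    direction: incoming
    policy: deny

# Egress is left unfiltered. This suits a general-purpose host, but it does
# not limit outbound connections from a compromised service.
- name: Set UFW default allow outgoing
  community.general.ufw:
    direction: outgoing
    policy: allow

# Enabling is the last step so the rule set is complete when filtering starts.
- name: Enable UFW
  community.general.ufw:
    state: enabled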