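---
# Firewall baseline: install ufw, apply the allow/deny port rules and the
# default policy, then enable the firewall as the last step.
#
# Variables read by this file (defined outside it):
#   ufw_allow_ports    - ports opened for TCP
#   ufw_disallow_ports - ports explicitly denied
# The "Restart ufw" handler notified below is also defined outside this file.
#
# NOTE(review): with the default policy set to deny, new inbound connections
# on any port missing from ufw_allow_ports are blocked once the firewall is
# enabled. Confirm that the port Ansible itself connects on (normally SSH)
# is in that list before running this against a remote host.

- name: Update the package cache
  apt:
    update_cache: true
    # Skip the refresh when the cache is younger than one hour.
    cache_valid_time: 3600

- name: Install ufw
  apt:
    name: ufw
    state: present

# This task only adds rules. Enabling is left to the final task so the
# firewall is never switched on with a partial rule set (some allow rules
# missing, deny rules and default policy not yet applied).
- name: "Allow access on ports: {{ ufw_allow_ports | join(' ') }}"
  ufw:
    rule: allow
    port: "{{ item }}"
    proto: tcp
  with_items: "{{ ufw_allow_ports }}"
  notify: Restart ufw

# No proto is set here, so these rules are not limited to TCP the way the
# allow rules are -- presumably intentional; confirm.
- name: "Disallow access on ports: {{ ufw_disallow_ports | join(' ') }}"
  ufw:
    rule: deny
    port: "{{ item }}"
  with_items: "{{ ufw_disallow_ports }}"
  notify: Restart ufw

# No direction is given; ufw applies a bare default policy to incoming
# traffic, so outgoing traffic keeps whatever policy the host already has.
- name: Default policy deny
  ufw:
    policy: deny

# Runs last, after every rule and the default policy are in place.
- name: Enable the firewall
  ufw:
    state: enabled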