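---
# UFW firewall configuration
#
# Task order is significant: `state: reset` disables UFW and discards the
# existing rule set, so the host is unfiltered until the final task
# re-enables the firewall. Any failure in between leaves UFW disabled, which
# is why the rule list is validated before anything is changed.

# Fail early, while the current firewall is still active, if an entry lacks
# the keys the allow task requires. `proto` is deliberately mandatory:
# omitting it would make the rule match every protocol on that port.
- name: Validate UFW rule definitions before touching the firewall
  ansible.builtin.assert:
    that:
      - item.port is defined
      - item.proto is defined
    quiet: true
  loop: "{{ common_ufw_allowed_ports }}"

# NOTE(review): only this task is gated on Ubuntu; every task below runs on
# all targeted hosts. Confirm that is intended.
# NOTE(review): resetting on every run reports "changed" each time and opens
# a short unfiltered window per run; confirm a full reset is wanted here.
- name: Reset UFW to default state
  community.general.ufw:
    state: reset
  when: ansible_facts['distribution'] == 'Ubuntu'

# Default policies come from role variables defined outside this file.
- name: Set UFW default policies
  community.general.ufw:
    direction: "{{ item.direction }}"
    policy: "{{ item.policy }}"
  loop:
    - direction: incoming
      policy: "{{ common_ufw_default_incoming }}"
    - direction: outgoing
      policy: "{{ common_ufw_default_outgoing }}"

# Each entry of common_ufw_allowed_ports supplies `port` and `proto`;
# `comment` is optional and is left off the rule when absent.
# NOTE(review): if the incoming default is restrictive, this list must cover
# the management (SSH) port, or enabling UFW cuts off the Ansible connection.
- name: Allow specified ports through UFW
  community.general.ufw:
    rule: allow
    port: "{{ item.port }}"
    proto: "{{ item.proto }}"
    comment: "{{ item.comment | default(omit) }}"
  loop: "{{ common_ufw_allowed_ports }}"

# Enable last, once policies and allow rules are in place. Logging is turned
# on so blocked traffic is recorded for later review.
- name: Enable UFW
  community.general.ufw:
    state: enabled
    logging: 'on'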