From 458506e7982aa7cbca48fad463a09126681efae4 Mon Sep 17 00:00:00 2001
From: Mike Wilson
Date: Fri, 5 Sep 2025 16:09:28 -0400
Subject: [PATCH] Add step to enable ufw rules
---
 ansible/roles/btc/tasks/ufw.yml | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/ansible/roles/btc/tasks/ufw.yml b/ansible/roles/btc/tasks/ufw.yml
index 4398ba9..447e663 100644
--- a/ansible/roles/btc/tasks/ufw.yml
+++ b/ansible/roles/btc/tasks/ufw.yml
@@ -3,6 +3,11 @@
 name: ufw
 state: present
 
+# UFW logging can full up the kernel (dmesg) and message logs
+- name: Disable logging
+ community.general.ufw:
+ logging: 'off'
+
 - name: Allow OpenSSH inbound
 community.general.ufw:
 rule: allow
@@ -14,8 +19,14 @@
 port: ssh
 proto: tcp
 
-- name: Enable ufw
+- name: Enable ufw system service
 ansible.builtin.service:
 name: ufw
 state: started
 enabled: yes
+
+# This is necessary in addition to enabling the system service
+- name: Enable ufw rules
+ community.general.ufw:
+ state: enabled
+ policy: deny
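Review bot: The `Disable logging` task sets `logging: 'off'`, which removes the host's record of connections the firewall blocked, so later detection or incident response on this node gets nothing from UFW. If the concern is volume in dmesg and the message logs, `logging: low` should keep a rate-limited record of blocked packets, and an rsyslog rule can route the UFW kernel lines to their own rotated file instead of the shared logs. If logging does stay off, the comment should state the trade-off, e.g. `# UFW logging can fill up the kernel (dmesg) and message logs; disabled at the cost of losing blocked-connection records`, which also corrects the "full up" typo.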
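Review bot: The `Enable ufw rules` task sets `policy: deny` without a `direction`, so which direction gets the default-deny is left to ufw's own default (incoming, as far as I know) rather than stated in the role. Adding `direction: incoming` makes the intent explicit and shows that outbound traffic is left unrestricted. The task also relies on the SSH allow tasks earlier in the file having run first, since enabling default-deny without them would drop the Ansible connection. The comment could record that ordering, e.g. `# Must stay after the SSH allow tasks: enabling default-deny first would cut off the management connection`. The first context lines of this hunk belong to a task that starts outside the hunk.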