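# Host firewall baseline: install ufw, open SSH, then switch on a default-deny
# policy. The SSH rules are added before the firewall is enabled so that the
# management connection survives the policy change.

- name: Install Uncomplicated Firewall
  ansible.builtin.package:
    name: ufw
    state: present

# UFW logging can fill up the kernel (dmesg) and message logs.
# NOTE(review): with logging off, blocked and rate-limited connection
# attempts leave no record on this host. If that visibility is needed for
# detection or incident response, consider `logging: low` with the messages
# routed to a dedicated, rotated log file instead.
- name: Disable logging
  community.general.ufw:
    # Quoted so YAML keeps the value a string instead of a boolean.
    logging: 'off'

- name: Allow OpenSSH inbound
  community.general.ufw:
    rule: allow
    # Uses standard profile located in /etc/ufw/applications.d
    name: OpenSSH

# NOTE(review): ufw evaluates rules in order, first match wins. The plain
# "allow OpenSSH" rule above is added first and presumably covers the same
# port, so this limit rule may never be reached. Confirm with
# `ufw status numbered`; if rate limiting is the intent, keep a single
# `rule: limit` entry for SSH and drop the unconditional allow.
- name: Apply rate limiting to ssh inbound
  community.general.ufw:
    rule: limit
    port: ssh
    proto: tcp

- name: Enable ufw system service
  ansible.builtin.service:
    name: ufw
    state: started
    # Canonical YAML boolean; `yes` is only a boolean under YAML 1.1 rules.
    enabled: true

# This is necessary in addition to enabling the system service.
# `policy: deny` sets the default policy, so traffic that matches none of
# the rules above is dropped once the firewall is enabled.
- name: Enable ufw rules
  community.general.ufw:
    state: enabled
    policy: deny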