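---
# Host firewall baseline using ufw: default-deny inbound, SSH open for
# management, SNMP reachable only from the internal monitoring network.
#
# Ordering matters: the SSH allow rule is added BEFORE the firewall is
# enabled with a deny policy. ufw accepts rules while inactive, so this is
# safe, and it avoids leaving the host unreachable if the play is interrupted
# or Ansible opens a fresh SSH connection between the two tasks.

- name: system setup | firewall | install ufw
  ansible.builtin.package:
    name: ufw
    state: present

# NOTE(review): SSH is reachable from any source address. If management
# access always comes from known networks, set `src` to that range; the
# module's `rule: limit` is an alternative that rate-limits connection
# attempts. Behaviour is left as the task name describes.
- name: system setup | firewall | allow ssh from anywhere
  community.general.ufw:
    rule: allow
    port: '22'
    proto: tcp
    src: 'any'

- name: system setup | firewall | deny all incoming traffic by default and enable firewall
  community.general.ufw:
    state: enabled
    policy: deny
    direction: incoming

# The ICMP entry was removed from the loop: `icmp` is not an accepted value
# for this module's `proto` option, so that item failed argument validation
# and aborted the task before the SNMP rule was applied.
# NOTE(review): ufw handles ICMP in /etc/ufw/before.rules rather than through
# user rules; the stock file normally accepts echo-request from any source.
# Confirm on the target hosts, and edit before.rules if ping must be limited
# to the internal network.
- name: system setup | firewall | allow monitoring traffic from internal networks
  community.general.ufw:
    rule: allow
    proto: "{{ item.proto }}"
    # `omit` keeps the task usable for future entries that have no port.
    port: "{{ item.port | default(omit) }}"
    # Adjust this to your internal network.
    src: '192.168.1.0/24'
    # Record the purpose on the rule so it is visible in `ufw status`.
    comment: "{{ item.comment | default(omit) }}"
  loop:
    - proto: 'udp'
      port: '161'
      comment: 'Allow SNMP'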