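---
# UFW host firewall tasks.
#
# Order of operations (deliberate): install the package (Arch only), write the
# explicit allow rules while ufw is still inactive (ufw stores rules even when
# disabled), set the default-deny inbound policy, and only then enable the
# firewall and its service. Doing it this way means the firewall is never
# active with a default-allow policy, and the policy is not flipped
# allow -> deny on every run (which reports "changed" each time and is not
# idempotent).
#
# Required vars: firewall_package, firewall_ssh_interface,
# firewall_spice_interface. On non-Arch hosts the install task is skipped, so
# the ufw package must already be present there (this file provides no other
# install path).

- name: install ufw (Arch)
  become: true
  community.general.pacman:
    name: "{{ firewall_package }}"
    # NOTE(review): update_cache together with state=latest on one package is a
    # partial upgrade, which Arch does not support; consider state=present here
    # and running full system upgrades separately.
    state: latest
    update_cache: true
  when:
    - ansible_os_family == 'Arch'

# Allow rules are added before ufw is enabled so the management SSH session is
# never cut by the default-deny policy below. The Ansible controller must be
# reaching the host via firewall_ssh_interface from one of the listed source
# networks, otherwise enabling the firewall will drop the session.
- name: add ssh rules
  become: true
  community.general.ufw:
    comment: SSH access
    rule: allow
    to_port: '22'
    proto: tcp
    interface: "{{ firewall_ssh_interface }}"
    direction: in
    src: "{{ item }}"
  loop:
    - 192.168.20.0/24
    - 192.168.72.0/24
    - 2406:e001:a:cb20::/64

# SPICE consoles for guests; same trusted source networks as SSH.
# NOTE(review): the IPv6 source rules only take effect if IPV6=yes in
# /etc/default/ufw — confirm on the target.
- name: add spice rules
  become: true
  community.general.ufw:
    comment: SPICE access to guests
    rule: allow
    to_port: '5901:5904'
    proto: tcp
    interface: "{{ firewall_spice_interface }}"
    direction: in
    src: "{{ item }}"
  loop:
    - 192.168.20.0/24
    - 192.168.72.0/24
    - 2406:e001:a:cb20::/64

# A direction-less `ufw default` applies to incoming traffic. Set while ufw is
# still inactive so that enabling it below starts directly in deny mode.
- name: set default deny inbound policy
  become: true
  community.general.ufw:
    policy: deny
    logging: low

- name: enable ufw
  become: true
  community.general.ufw:
    state: enabled

- name: start and enable ufw service
  become: true
  ansible.builtin.service:
    name: ufw.service
    state: started
    enabled: true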