---
- name: "update cache"
apt:
update_cache: yes
- name: "install ufw"
name: ufw
- name: deny everything and enable UFW
community.general.ufw:
state: enabled
policy: deny
- name: allow sshd port
rule: allow
port: "{{ sshd_port }}"
proto: tcp