---

- name: Firewall with ufw
  hosts: all
  tasks:
    - name: Install Basic Packages
      apt:
        name: 
          - ufw
        update_cache: no
        install_recommends: no

    - name: Allow all access to tcp port 22 (ssh)
      community.general.ufw:
        rule: deny
        port: '22'
        proto: tcp

    - name: Allow all access to tcp port 33 (ssh)
      community.general.ufw:
        rule: allow
        port: '33'
        proto: tcp

    - name: Deny everything per policy and enable UFW
      community.general.ufw:
        state: enabled
        policy: deny