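---
# Host firewall tasks (Arch Linux, pacman): install ufw, default-deny
# inbound, open the listed service ports, then enable the firewall.
# Task order is deliberate: the allow rules (including SSH on 22) are
# applied before ufw is enabled, so enabling it does not cut off the
# Ansible session.

- name: Install ufw
  become: true
  pacman:
    name: ufw
    state: present
    update_cache: true

# Default policy for incoming traffic; anything not explicitly allowed
# below is dropped.
- name: set deny policy
  become: true
  ufw:
    policy: deny

# Ports are quoted so YAML keeps them as strings for the ufw module.
# NOTE(review): the administrative services (phpmyadmin on 442,
# weechat relay/urlserver on 9000/9003) are opened to all sources;
# consider restricting them with `src:` if a trusted address range exists.
- name: set all allow rules
  become: true
  ufw:
    direction: "{{ item.direction }}"
    rule: allow
    proto: "{{ item.proto }}"
    port: "{{ item.port }}"
  with_items:
    - direction: in
      proto: tcp
      port: "22"     # ssh
    - direction: in
      proto: tcp
      port: "25"     # smtp
    - direction: in
      proto: tcp
      port: "80"     # http brentj.es
    - direction: in
      proto: tcp
      port: "143"    # imap
    - direction: in
      proto: tcp
      port: "443"    # https brentj.es
    - direction: in
      proto: tcp
      port: "442"    # https phpmyadmin
    - direction: in
      proto: tcp
      port: "444"    # https owncloud
    - direction: in
      proto: tcp
      port: "587"    # alt smtp (submission)
    - direction: in
      proto: tcp
      port: "9000"   # weechat relay
    - direction: in
      proto: tcp
      port: "9003"   # weechat urlserver
    - direction: in
      proto: udp
      port: "60000"  # mosh

# Activates the rule set; only done after the allow rules above exist.
- name: enable ufw itself
  become: true
  ufw:
    state: enabled

# Make sure the ufw unit is running now and starts on boot.
- name: Start and enable ufw
  become: true
  service:
    name: ufw
    state: started
    enabled: true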