---
# Host firewall baseline: allow rules are added first and the default DROP
# policies are set last, so the SSH session running this play is not cut off.
# The "Persist iptables" handler is not defined in this file.

- name: Install iptables packages
  apt:
    name: iptables-persistent
    state: present

- name: Allow all loopback traffic
  iptables:
    chain: INPUT
    in_interface: lo
    jump: ACCEPT
  notify: Persist iptables

- name: Allow ping (ICMP) traffic
  iptables:
    chain: INPUT
    jump: ACCEPT
    protocol: icmp
  notify: Persist iptables

- name: Allow related and established connections
  iptables:
    chain: INPUT
    ctstate: ESTABLISHED,RELATED
    jump: ACCEPT
  notify: Persist iptables

# No source restriction: SSH is reachable from any address.
- name: Allow SSH
  iptables:
    chain: INPUT
    destination_port: 22
    jump: ACCEPT
    protocol: tcp
  notify: Persist iptables

- name: Allow web
  iptables:
    chain: INPUT
    protocol: tcp
    destination_port: 80
    jump: ACCEPT
  notify: Persist iptables

# No source restriction: the admin proxy port is reachable from any address.
- name: Allow admin web (nginx proxy)
  iptables:
    chain: INPUT
    protocol: tcp
    destination_port: 81
    jump: ACCEPT
  notify: Persist iptables

- name: Allow dns
  iptables:
    chain: INPUT
    protocol: tcp
    destination_port: 53
    jump: ACCEPT
  notify: Persist iptables

- name: Allow dns (udp)
  iptables:
    chain: INPUT
    protocol: udp
    destination_port: 53
    jump: ACCEPT
  notify: Persist iptables

# Same rule as the earlier ESTABLISHED,RELATED task; the module only adds a
# rule that is not already present, so this repeat changes nothing.
- name: Allow related and established connections
  ansible.builtin.iptables:
    chain: INPUT
    ctstate: ESTABLISHED,RELATED
    jump: ACCEPT

# Default policies: drop anything inbound or forwarded that was not allowed above.
- name: Set the policy for the INPUT chain to DROP
  iptables:
    chain: INPUT
    policy: DROP
  notify: Persist iptables

- name: Set the policy for the FORWARD chain to DROP
  iptables:
    chain: FORWARD
    policy: DROP
  notify: Persist iptables

- name: Set the policy for the OUTPUT chain to ACCEPT
  iptables:
    chain: OUTPUT
    policy: ACCEPT
  notify: Persist iptables