From fc7ca37b07337d76e7f8c28a4f280675b6f8dbcb Mon Sep 17 00:00:00 2001
From: Sam Al-Sapti
Date: Tue, 22 Nov 2022 21:37:37 +0100
Subject: [PATCH] Make TCP the default allowed firewall protocol

Custom protocol can still be specified by adding `proto: "proto"` to a loop item.
---
 roles/ubuntu_base/tasks/firewall.yml | 43 ++++++++--------------------
 1 file changed, 12 insertions(+), 31 deletions(-)

diff --git a/roles/ubuntu_base/tasks/firewall.yml b/roles/ubuntu_base/tasks/firewall.yml
index ddc9022..17860a8 100644
--- a/roles/ubuntu_base/tasks/firewall.yml
+++ b/roles/ubuntu_base/tasks/firewall.yml
@@ -3,39 +3,20 @@
 community.general.ufw:
 state: enabled
 policy: deny
+
 - name: Allow necessary ports
 community.general.ufw:
 rule: allow
 port: "{{ item.port }}"
- proto: "{{ item.proto }}"
+ proto: "{{ item.proto | default('tcp') }}"
 loop:
- # Gitea SSH
- - port: 22
- proto: "tcp"
- # HTTP
- - port: 80
- proto: "tcp"
- # HTTPS
- - port: 443
- proto: "tcp"
- # OpenLDAP
- - port: 389
- proto: "tcp"
- # OpenLDAP
- - port: 636
- proto: "tcp"
- # Email
- - port: 25
- proto: "tcp"
- # Email
- - port: 465
- proto: "tcp"
- # Email
- - port: 587
- proto: "tcp"
- # Email
- - port: 993
- proto: "tcp"
- # SSH
- - port: 19022
- proto: "tcp"
+ - port: 22 # Gitea SSH
+ - port: 80 # HTTP
+ - port: 443 # HTTPS
+ - port: 389 # OpenLDAP
+ - port: 636 # OpenLDAP
+ - port: 25 # Email
+ - port: 465 # Email
+ - port: 587 # Email
+ - port: 993 # Email
+ - port: 19022 # SSH
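Review bot: With `proto: "{{ item.proto | default('tcp') }}"`, a loop item whose `proto` key is missing or misspelled no longer fails the task but silently becomes a TCP allow rule, so a UDP service added later would open an unneeded TCP port while the intended one stays closed. A comment above `loop:` would make the contract explicit, for example `# proto defaults to tcp; set proto: "udp" on an item to override`. Separately, none of the allow rules restricts the source, so 389 (conventionally plain or StartTLS LDAP) and the 19022 SSH port are reachable from any address once the play runs. If the clients for those ports are known, the module's `from_ip` option could scope them, though whether that is wanted is not visible from this hunk. The first task in the file begins above the hunk.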