From 5db582ec1a1f097dd6d03372edf0fcf74297ff4a Mon Sep 17 00:00:00 2001
From: Claude AI
Date: Tue, 6 Jan 2026 14:44:17 +0000
Subject: [PATCH] feat(ansible): Add firewall role tasks

---
 .../roles/firewall/tasks/main.yml | 48 +++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 ansible/webserver-automation/roles/firewall/tasks/main.yml

diff --git a/ansible/webserver-automation/roles/firewall/tasks/main.yml b/ansible/webserver-automation/roles/firewall/tasks/main.yml
new file mode 100644
index 0000000..c75c43d
--- /dev/null
+++ b/ansible/webserver-automation/roles/firewall/tasks/main.yml
@@ -0,0 +1,48 @@
+---
+# Firewall role - UFW configuration
+
+- name: Install UFW
+  apt:
+    name: ufw
+    state: present
+  tags: ['install']
+
+- name: Set UFW default policies
+  ufw:
+    direction: "{{ item.direction }}"
+    policy: "{{ item.policy }}"
+  loop:
+    - { direction: 'incoming', policy: 'deny' }
+    - { direction: 'outgoing', policy: 'allow' }
+  tags: ['policy']
+
+- name: Allow SSH
+  ufw:
+    rule: allow
+    port: "{{ ssh_port }}"
+    proto: tcp
+  tags: ['ssh']
+
+- name: Allow TCP ports
+  ufw:
+    rule: allow
+    port: "{{ item }}"
+    proto: tcp
+  loop: "{{ firewall_allowed_tcp_ports }}"
+  tags: ['ports']
+
+- name: Enable UFW
+  ufw:
+    state: enabled
+  tags: ['enable']
+
+- name: Display status
+  command: ufw status verbose
+  register: ufw_status
+  changed_when: false
+  tags: ['status']
+
+- name: Show configuration
+  debug:
+    msg: "✅ Firewall configured - {{ ufw_status.stdout_lines | length }} rules"
+  tags: ['status']
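Review bot: The allow rules in this file are only ever added, so a port removed from `firewall_allowed_tcp_ports` stays open on hosts configured by an earlier run; the role has no reset or stale-rule cleanup path, and that should at least be stated in the header comment, e.g. `# Rules are additive: removing a port from firewall_allowed_tcp_ports does not remove an existing allow rule`. Nothing in the hunk turns on UFW logging, so denied connections leave no record for detection; adding `logging: 'on'` under the `ufw:` of the "Enable UFW" task, next to `state: enabled`, covers that in one line. The "Show configuration" message reports `ufw_status.stdout_lines | length` as a rule count, but `ufw status verbose` output also contains the status, logging, default-policy and table-header lines, so the number is inflated — either drop the count or call it output lines. `ssh_port` and `firewall_allowed_tcp_ports` have no defaults in this hunk; presumably they live in the role's defaults, which is worth confirming since an undefined list aborts the run before UFW is enabled.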