- name: Install ufw
  apt:
    name: ufw
    state: present

- name: Allow SSH
  ufw:
    rule: allow
    port: 22

- name: Allow HTTP/HTTPS
  ufw:
    rule: allow
    port: "{{ item }}"
  loop:
    - 80
    - 443

- name: Deny all others
  ufw:
    state: enabled
    policy: deny