From d61cf8e414863153526a791e6766f146d4765706 Mon Sep 17 00:00:00 2001
From: Sangelo
Date: Wed, 16 Oct 2024 21:40:36 +0200
Subject: [PATCH] [c] bugfixing for firewall
---
 roles/secure/defaults/main.yml | 3 ++-
 roles/secure/tasks/main.yml | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/roles/secure/defaults/main.yml b/roles/secure/defaults/main.yml
index 9e6bdd4..8006c1c 100644
--- a/roles/secure/defaults/main.yml
+++ b/roles/secure/defaults/main.yml
@@ -9,7 +9,8 @@ common_firewall_reject: false # reject all connections by default
 # Default Firewall Rules
 common_firewall:
 - port: 22
- state: allow
+ rule: allow
+ state: present
 interface: "{{ common_firewall_lan_interface if common_firewall_lan_interface }}"
 comment: "Allow incoming connections on {{ common_firewall_lan_interface if common_firewall_lan_interface else 'all interfaces' }}"
diff --git a/roles/secure/tasks/main.yml b/roles/secure/tasks/main.yml
index 0ed9a0b..186bec5 100644
--- a/roles/secure/tasks/main.yml
+++ b/roles/secure/tasks/main.yml
@@ -39,7 +39,8 @@
 - name: Configure firewall rules
 community.general.ufw:
 port: "{{ rule.port }}"
- rule: "{{ rule.state | default('allow') }}"
+ rule: "{{ rule.rule | default('allow') }}"
+ delete: "{{ true if rule.state == 'absent' else false | default(false) }}"
 proto: "{{ rule.protocol | default('tcp') }}"
 interface: "{{ rule.interface if rule.interface != 'all' else omit }}"
 comment: "{{ rule.comment | default('Custom rule for port {{ rule.port }} on {{ rule.interface }}') }}"
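Review bot: The default rule now carries two look-alike keys, `rule: allow` (the ufw action) and `state: present` (whether the rule should exist), and nothing in the defaults file documents that split, while any inventory still using the previous `state: allow` / `state: deny` form is now mapped to `rule: allow` by the task's `default('allow')`. Add a comment above `common_firewall:` describing each entry's keys — `port` (required), `rule` (ufw action, default allow), `state` (`present` or `absent`, default present), `protocol` (default tcp), `interface` (`all` or an interface name), `comment` — and state explicitly that `state` no longer holds the action. The `interface` expression on the context line below has no `else`, so with `common_firewall_lan_interface` unset it renders an empty string rather than the `all` sentinel the task compares against; `interface: "{{ common_firewall_lan_interface if common_firewall_lan_interface else 'all' }}"` would reach the task's `omit` branch and match the wording of the comment line.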
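Review bot: The added `delete:` expression binds `| default(false)` to the literal `false` rather than to the whole conditional, so an entry without a `state` key makes `rule.state == 'absent'` an undefined-attribute error under Ansible's strict undefined handling instead of defaulting, and an entry still written in the previous `state: deny` form is rendered as `rule: allow` (from the `rule | default('allow')` line) with `delete: false`, i.e. an allow rule where a deny was intended. Write the flag as `delete: "{{ (rule.state | default('present')) == 'absent' }}"` and reject unexpected `state` values before any ufw rule is applied, for example with an assert task ahead of this one that loops over the same list. The task's `loop` / `loop_control` lines are outside the hunk, so the assert below mirrors them on the assumption that the loop variable is `rule`, as the `rule.*` references suggest.
```yaml
- name: Validate firewall rule definitions
  ansible.builtin.assert:
    that:
      - rule.port is defined
      - (rule.state | default('present')) in ['present', 'absent']
    fail_msg: "Each common_firewall entry needs a port and, if given, state must be present or absent"
  loop: "{{ common_firewall }}"
  loop_control:
    loop_var: rule

- name: Configure firewall rules
  community.general.ufw:
    # … unchanged: port, rule …
    delete: "{{ (rule.state | default('present')) == 'absent' }}"
    # … unchanged: proto, interface, comment …
```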