From d7ea614a664165a83833109e0354a4cb76710d1d Mon Sep 17 00:00:00 2001
From: Sangelo
Date: Wed, 16 Oct 2024 21:47:18 +0200
Subject: [PATCH] [a] add direction to firewall
---
 roles/secure/defaults/main.yml | 1 +
 roles/secure/tasks/main.yml | 1 +
 2 files changed, 2 insertions(+)
diff --git a/roles/secure/defaults/main.yml b/roles/secure/defaults/main.yml
index 8006c1c..6166fef 100644
--- a/roles/secure/defaults/main.yml
+++ b/roles/secure/defaults/main.yml
@@ -11,6 +11,7 @@ common_firewall:
 - port: 22
 rule: allow
 state: present
+ direction: in
 interface: "{{ common_firewall_lan_interface if common_firewall_lan_interface }}"
 comment: "Allow incoming connections on {{ common_firewall_lan_interface if common_firewall_lan_interface else 'all interfaces' }}"
 
diff --git a/roles/secure/tasks/main.yml b/roles/secure/tasks/main.yml
index 186bec5..ba0e9ed 100644
--- a/roles/secure/tasks/main.yml
+++ b/roles/secure/tasks/main.yml
@@ -41,6 +41,7 @@
 port: "{{ rule.port }}"
 rule: "{{ rule.rule | default('allow') }}"
 delete: "{{ true if rule.state == 'absent' else false | default(false) }}"
+ direction: "{{ rule.direction | default('in') }}"
 proto: "{{ rule.protocol | default('tcp') }}"
 interface: "{{ rule.interface if rule.interface != 'all' else omit }}"
 comment: "{{ rule.comment | default('Custom rule for port {{ rule.port }} on {{ rule.interface }}') }}"
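Review bot: The new `direction: in` key in roles/secure/defaults/main.yml is undocumented, and the entry's `comment` text still hard-codes "Allow incoming connections", so the two can drift apart if someone copies this entry for an outbound rule. A one-line comment above the key would cover it, for example `# direction: in or out; optional, the task falls back to 'in'`. The list entry starts at the top of the hunk and the rest of `common_firewall` is outside it, so any existing schema documentation elsewhere in the file is not visible here.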
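Review bot: On the added `direction` line in roles/secure/tasks/main.yml, `default('in')` only applies when `rule.direction` is undefined, so an entry that carries the key with an empty or null value bypasses the fallback and that value goes to the firewall module as-is. `direction: "{{ rule.direction | default('in', true) }}"` makes the fallback cover those cases as well. The value is otherwise passed through unchecked, so a typo or an unintended outbound rule is caught only by whatever validation the module itself performs. If the role is meant to manage a fixed set of directions, an `assert` on the accepted values before this task would fail early with a clearer message. The task's name and module line are outside the hunk, so which module receives these parameters is inferred from the keys rather than visible.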