From 9b4e04717133797c852cc575861ec60d8ac79c07 Mon Sep 17 00:00:00 2001
From: dogeystamp
Date: Sun, 27 Aug 2023 19:36:52 -0400
Subject: [PATCH] firewall: fix glaring errors
---
 roles/firewall/tasks/main.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
index aa056ee..8d7c834 100644
--- a/roles/firewall/tasks/main.yml
+++ b/roles/firewall/tasks/main.yml
@@ -22,8 +22,8 @@
 rule: allow
 port: "{{ item.port }}"
 proto: "{{ item.proto | default('tcp') }}"
- state: "{{ 'enabled' if item.name in group_names else 'disabled' }}"
 src: "{{ item.src | default(default_firewall_src) }}"
+ when: item.name in group_names
 with_items:
 # matrix ports
 - name: "synapse"
@@ -61,6 +61,9 @@
 proto: any
 src: "{{ local_subnet }}"
+- name: Deny all ports by default
+ community.general.ufw:
+ enabled: true
 - name: Enable firewall service
 service:
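Review bot: The new `when: item.name in group_names` in the first hunk only skips the allow rule on hosts outside the group; it never removes a rule that an earlier run already installed. Because the removed `state:` line did not gate `rule: allow` per item, hosts provisioned before this commit appear to have every listed port allowed, and a host that later leaves a group keeps its port open as well. If this task is `community.general.ufw`, as the `rule`/`port`/`proto`/`src` arguments suggest, a companion task over the same list with `delete: true` and `when: item.name not in group_names` would close those ports again. The task's name and module line, and most of the `with_items` list, lie outside the hunk, so the module is inferred from the visible arguments.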