Add UFW firewall for debian based distro

ansible/deploy.yml

@@ -10,7 +10,9 @@
     - journald
     - sshd
     - role: timesyncd
-      when: ansible_facts['os_family'] == "Ubuntu"
+      when: ansible_facts['os_family'] == "Debian"
+    - role: ufw
+      when: ansible_facts['os_family'] == "Debian"
 
 - name: Resolver
   hosts: resolver

ansible/packer.yml

@@ -10,7 +10,9 @@
     - journald
     - sshd
     - role: timesyncd
-      when: ansible_facts['os_family'] == "Ubuntu"
+      when: ansible_facts['os_family'] == "Debian"
+    - role: ufw
+      when: ansible_facts['os_family'] == "Debian"
   post_tasks:
     - name: Clean cloud-init
       ansible.builtin.command: cloud-init clean

ansible/roles/knot_resolver/tasks/main.yml

@@ -19,3 +19,12 @@
     mode: "0644"
   notify:
     - Restart knot resolver
+
+- name: Allow port 53 (DNS)
+  community.general.ufw:
+    rule: allow
+    port: "{{ item.port }}"
+    proto: "{{ item.proto }}"
+  with_items:
+    - { port: "53", proto: "tcp" }
+    - { port: "53", proto: "udp" }

ansible/roles/ufw/tasks/main.yml

@@ -0,0 +1,14 @@
+---
+- name: Install UFW
+  ansible.builtin.apt:
+    name: ufw
+
+- name: Allow 22/tcp (SSH)
+  community.general.ufw:
+    rule: allow
+    port: "22"
+    proto: tcp
+
+- name: Enable UFW
+  community.general.ufw:
+    state: enabled