- name: IPTables rules
  block:
    - name: Install netfilter-persistent
      apt:
        name: netfilter-persistent
        state: present
    - name: Allow related and established connections
      ansible.builtin.iptables:
        chain: INPUT
        ctstate: ESTABLISHED,RELATED
        jump: ACCEPT
      become: yes
    - name: Allow new incoming SYN packets on specified port
      ansible.builtin.iptables:
        chain: INPUT
        protocol: tcp
        destination_port: "{{ SSH_PORT }}"
        ctstate: NEW
        syn: match
        jump: ACCEPT
    - name: Allow ICMP 
      ansible.builtin.iptables:
        chain: INPUT
        protocol: icmp
        jump: ACCEPT
    - name: Allow 80, 443 connections
      ansible.builtin.iptables:
        chain: INPUT
        protocol: tcp
        destination_ports:
          - "80"
          - "443"
        jump: ACCEPT
    - name: Allow loopback in
      shell:
        cmd: iptables -A INPUT -i lo -j ACCEPT
    - name: Allow loopback out
      shell:
        cmd: iptables -A OUTPUT -o lo -j ACCEPT
    - name: INPUT DROP
      ansible.builtin.iptables:
        chain: INPUT
        policy: DROP
    - name: Save iptables rules
      shell:
        cmd: netfilter-persistent save