1 files changed, 11 insertions, 15 deletions

diff --git a/ansible/roles/ufw/tasks/main.yml b/ansible/roles/ufw/tasks/main.yml
index 0579f0a..b6a963b 100644
--- a/ansible/roles/ufw/tasks/main.yml
+++ b/ansible/roles/ufw/tasks/main.yml
@@ -2,17 +2,21 @@
     - ufw
   become: yes
   block:
-    - when: 
-      notify: ufw reload
+    - notify: ufw reload
+      vars:
+        state: "{{ 'present' if ufw__nat_address is defined else 'absent' }}"
+        nat:
+          address: "{{ ufw__nat_address if ufw__nat_address is defined else '' }}"
+          prefix: "{{ ufw__nat_prefix if ufw__nat_prefix is defined else '' }}"
       blockinfile:
         path: /etc/ufw/before.rules
         insertbefore: "^# Don't delete these required lines"
         marker: "# NAT config: {mark}"
-        state: "{{ 'present' if ufw__nat_address is defined else 'absent' }}"
+        state: "{{ state }}"
         content: |
           *nat
           :POSTROUTING ACCEPT [0:0]
-          -A POSTROUTING -s {{ ufw__nat_address }}/{{ ufw__nat_prefix }} -o eth0 -j MASQUERADE
+          -A POSTROUTING -s {{ nat.address }}/{{ nat.prefix }} -o eth0 -j MASQUERADE
           COMMIT
 
     - notify: ufw reload
@@ -33,14 +37,6 @@
     - ufw:
         state: enabled
 
-#    - ufw:
-#        default: allow
-#        direction: out
-
-#    - ufw:
-#        policy: deny
-#        direction: out
-
-#    - ufw:
-#        policy: allow
-#        direction: routed
+    - ufw:
+        name: OpenSSH
+        rule: allow