---

# basic firewall rules
- name: "firewall - allow incoming routed traffic"
  community.general.ufw:
    rule: "allow"
    route: "yes"
    src: "{{ item[0] }}"
    dest: "{{ item[1] }}"
  with_nested:
    - "{{ __rule['source_nets'] }}"
    - "{{ __rule['destination_nets'] }}"
  tags:
    - "firewall"

- name: "firewall - allow outgoing routed traffic"
  community.general.ufw:
    rule: "allow"
    route: "yes"
    src: "{{ item[1] }}"
    dest: "{{ item[0] }}"
  with_nested:
    - "{{ __rule['source_nets'] }}"
    - "{{ __rule['destination_nets'] }}"
  tags:
    - "firewall"