- name: allow ssh
  ufw:
    rule: allow
    name: OpenSSH

- name: allow http/https
  ufw:
    rule: allow
    name: Nginx Full

- name: enable and deny by default
  ufw:
    state: enabled
    default: deny