From ef3c2987c979994d90dcb8c9ce4547a361f8aae9 Mon Sep 17 00:00:00 2001
From: MarkKoz <KozlovMark@gmail.com>
Date: Tue, 11 Jan 2022 14:18:04 -0800
Subject: Ensure SSH is allowed before setting default deny

Ansible relies on SSH, so it's good to ensure that's allowed before
blocking everything else.
---
 roles/ufw/tasks/main.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/roles/ufw/tasks/main.yml b/roles/ufw/tasks/main.yml
index ff437f3..00749d2 100644
--- a/roles/ufw/tasks/main.yml
+++ b/roles/ufw/tasks/main.yml
@@ -1,13 +1,13 @@
-- name: Enable UFW and deny all traffic by default
-  community.general.ufw:
-    state: enabled
-    policy: deny
-
 - name: Allow OpenSSH
   community.general.ufw:
     rule: allow
     name: OpenSSH
 
+- name: Enable UFW and deny all traffic by default
+  community.general.ufw:
+    state: enabled
+    policy: deny
+
 - name: Allow WireGuard
   community.general.ufw:
     rule: allow
-- 
cgit v1.2.3