Does anyone have a solution for dealing with changes to UFW rules in Ansible? The issue is that occasionally, I have to change a rule in some way (change IPs/networks, change port) but the old rule still remains. I could add a separate, special rule to delete the old version but that seems overly fiddly to me.
When I was first playing around with this, I did have a rule at the beginning of my firewall playbook that reset UFW on every run before applying the rule tasks but I decided to remove it because it seems like the wrong approach.
I’d recommend handling it much the same way I recommend handling users. Create a var containing the rules and the state of each rule, and have it loop using with_items. Something like:
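One way to lay out that pattern, as an added example and not the answerer's own playbook: each entry in the rules list carries its own intended state, and a changed rule keeps its old form in the list with `delete: true` for one run so the stale entry is removed rather than left behind. The host group, addresses and ports are constructed placeholders; the module parameters (`rule`, `port`, `proto`, `src`, `delete`, `state`, `policy`, `direction`) are those of `community.general.ufw`.

```yaml
# Added example: a single variable drives both adding and removing UFW rules.
# Group name, networks and ports are constructed placeholders.
- name: Manage UFW rules from one list
  hosts: firewall_hosts
  become: true
  vars:
    ufw_rules:
      # Old form of the SSH rule, kept for one run with delete: true so the
      # stale entry is removed; drop this line from the list after that run.
      - { rule: allow, port: "22", proto: tcp, src: "10.0.0.0/24", delete: true }
      # New form of the same rule (source network changed).
      - { rule: allow, port: "22", proto: tcp, src: "10.0.1.0/24" }
      - { rule: allow, port: "443", proto: tcp }
      # Rule no longer wanted at all: flagged for deletion, then removed from the list.
      - { rule: allow, port: "3306", proto: tcp, src: "10.0.1.0/24", delete: true }
  tasks:
    - name: Apply or remove each rule in ufw_rules
      community.general.ufw:
        rule: "{{ item.rule }}"
        port: "{{ item.port }}"
        proto: "{{ item.proto | default('tcp') }}"
        src: "{{ item.src | default(omit) }}"     # omit src when the rule is global
        delete: "{{ item.delete | default(false) }}"
      with_items: "{{ ufw_rules }}"

    - name: Ensure UFW is enabled with a deny-by-default inbound policy
      community.general.ufw:
        state: enabled
        policy: deny
        direction: incoming
```

Running `ufw status numbered` after the play is the quick check that the old rule is gone and only the intended entries remain.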