---

- name: Block all INPUT by default
  ansible.builtin.iptables:
    chain: INPUT
    policy: DROP
    comment: Block all INPUT by default
    state: present
  become: yes

- name: Block all OUTPUT by default
  ansible.builtin.iptables:
    chain: OUTPUT
    policy: DROP
    comment: Block all OUTPUT by default
    state: present
  become: yes

- name: Block all FORWARD by default
  ansible.builtin.iptables:
    chain: FORWARD
    policy: DROP
    comment: Block all FORWARD by default
    state: present
  become: yes