From 3a221287cbe68161abccec6a88d145ecef277aa6 Mon Sep 17 00:00:00 2001
From: Aliaksandr Nikitsin
Date: Mon, 22 Dec 2025 14:17:46 +0100
Subject: [PATCH] remove firewall
---
test_vm/provision-non-compliant.yml | 62 -----------------------------
1 file changed, 62 deletions(-)
diff --git a/test_vm/provision-non-compliant.yml b/test_vm/provision-non-compliant.yml
index e3bc8a446..978f50eab 100644
--- a/test_vm/provision-non-compliant.yml
+++ b/test_vm/provision-non-compliant.yml
@@ -578,68 +578,6 @@ # BLOCK ICMP
- - name: Ensure UFW is installed
- apt:
- name: ufw
- state: present
-
- - name: Set UFW default policy to deny incoming
- command: ufw default deny incoming
-
- - name: Set UFW default policy to allow outgoing
- command: ufw default allow outgoing
-
- - name: Allow FTP
- command: ufw allow 21/tcp
-
- - name: Allow SSH
- command: ufw allow 22/tcp
-
- - name: Allow Telnet
- command: ufw allow 23/tcp
-
- - name: Allow SMTP
- command: ufw allow 25/tcp
-
- - name: Allow POP3
- command: ufw allow 110/tcp
-
- - name: Allow IMAP
- command: ufw allow 143/tcp
-
- - name: Allow HTTP
- command: ufw allow 80/tcp
-
- - name: Allow SNMP
- command: ufw allow 161/udp
-
- - name: Allow VNC
- command: ufw allow 5901/tcp
-
- - name: Allow TFTP
- command: ufw allow 69/udp
-
- - name: Allow NTP
- command: ufw allow 123/udp
-
- - name: Allow BACnet
- command: ufw allow 47808/udp
-
- - name: Allow Modbus (if TCP)
- command: ufw allow 502/tcp
-
- - name: Allow DHCP server port
- command: ufw allow 67/udp
-
- - name: Allow DHCP client port
- command: ufw allow 68/udp
-
- - name: Enable UFW
- command: ufw --force enable
-
-
- - name: Reload UFW
- command: ufw reload
 - name: Release DHCP lease and flush IP from ens5
 shell: dhclient -r ens5 && ip addr flush dev ens5