Don't allow output ssh and only allow dhclient if using dhcp

roles/setup_nftables/files/output.d/ssh.conf

@@ -1 +0,0 @@
-tcp dport ssh accept comment "Allow SSH"

roles/setup_nftables/tasks/main.yml

@@ -7,7 +7,7 @@
     state: present
   notify: Start nftables service
 
-- name: Start nftables
+- name: Start and enable nftables
   become: true
   ansible.builtin.systemd:
     name: nftables
@@ -75,17 +75,23 @@
     - post-hooks.d/*
   notify: Restart nftables service
 
-- name: Copy default output rules
+- name: Check if server is using DHCP
+  become: true
+  ansible.builtin.shell:
+    cmd: "for interface in $(ip -o link show up | awk -F: '{print $2}'); do grep -r $interface.*dhcp /etc/network; done"
+  register: dhcp_grep
+  changed_when: false
+
+- name: Copy dhclient output rule
   become: true
   ansible.builtin.copy:
-    src: "{{ item }}"
-    dest: "/etc/nftables/output.d/{{ item | basename }}"
+    src: output.d/dhclient.conf
+    dest: /etc/nftables/output.d/dhclient.conf
     owner: root
     group: root
     mode: 0640
-  with_fileglob:
-    - output.d/*
   notify: Restart nftables service
+  when: dhcp_grep.stdout != ""
 
 - name: Setup netfilter.log
   become: true