ufw: check values for direction depending on situation (#50402)

* Check values of 'direction'.

* Add changelog.

* Update lib/ansible/modules/system/ufw.py

Co-Authored-By: felixfontein <felix@fontein.de>

* Update lib/ansible/modules/system/ufw.py

changelogs/fragments/50402-ufw-check-direction.yml

@@ -0,0 +1,2 @@
+bugfixes:
+- "ufw: make sure that only valid values for ``direction`` are passed on."

lib/ansible/modules/system/ufw.py

@@ -400,6 +400,8 @@ def main():
                 execute(cmd + [[command], [value]])
 
         elif command == 'default':
+            if params['direction'] not in ['outgoing', 'incoming', 'routed']:
+                module.fail_json(msg='For default, direction must be one of "outgoing", "incoming" and "routed".')
             if module.check_mode:
                 regexp = r'Default: (deny|allow|reject) \(incoming\), (deny|allow|reject) \(outgoing\), (deny|allow|reject|disabled) \(routed\)'
                 extract = re.search(regexp, pre_state)
@@ -416,6 +418,8 @@ def main():
                 execute(cmd + [[command], [value], [params['direction']]])
 
         elif command == 'rule':
+            if params['direction'] not in ['in', 'out', None]:
+                module.fail_json(msg='For rules, direction must be one of "in" and "out".')
             # Rules are constructed according to the long format
             #
             # ufw [--dry-run] [route] [delete] [insert NUM] allow|deny|reject|limit [in|out on INTERFACE] [log|log-all] \