class Kitsune::Kit::Commands::SetupFirewall

def perform_rollback(ssh, filled_options)
  ssh_port = filled_options[:ssh_port]
  output = ssh.exec! <<~EOH
    set -e
    echo "🔁 Removing UFW rules…"
    delete_rule() {
      local rule="$1"
      if sudo ufw status | grep -q "$rule"; then
        sudo ufw delete allow "$rule" >/dev/null 2>&1 && echo "   - rule '$rule' removed"
      else
        echo "   - rule '$rule' does not exist"
      fi
    }
    delete_rule "#{ssh_port}/tcp"
    delete_rule "80/tcp"
    delete_rule "443/tcp"
    echo "✍🏻 Disabling UFW if active…"
    if sudo ufw status | grep -q "Status: inactive"; then
      echo "   - UFW is already inactive"
    else
      sudo ufw --force disable >/dev/null 2>&1 && echo "   - UFW disabled"
    fi
  EOH
  say output
  say "✅ Firewall rollback completed", :green
end