---
- name: IPtables | Get iptables rules
  command: iptables -L --wait
  register: iptablesrules
  always_run: yes

- name: Allow traffic from overlay to underlay
  command: /sbin/iptables --wait -I FORWARD 1 -s {{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }} -j ACCEPT -m comment --comment "nuage-overlay-underlay"
  when: "'nuage-overlay-underlay' not in iptablesrules.stdout"
  notify:
    - save iptable rules

- name: Allow traffic from underlay to overlay
  command: /sbin/iptables --wait -I FORWARD 1 -d {{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }} -j ACCEPT -m comment --comment "nuage-underlay-overlay"
  when: "'nuage-underlay-overlay' not in iptablesrules.stdout"
  notify:
    - save iptable rules