---
- when: r_openshift_hosted_router_firewall_enabled | bool and not r_openshift_hosted_router_use_firewalld | bool
  block:
  - name: Add iptables allow rules
    os_firewall_manage_iptables:
      name: "{{ item.service }}"
      action: add
      protocol: "{{ item.port.split('/')[1] }}"
      port: "{{ item.port.split('/')[0] }}"
    when: item.cond | default(True)
    with_items: "{{ l_openshift_hosted_fw_allow }}"

  - name: Remove iptables rules
    os_firewall_manage_iptables:
      name: "{{ item.service }}"
      action: remove
      protocol: "{{ item.port.split('/')[1] }}"
      port: "{{ item.port.split('/')[0] }}"
    when: item.cond | default(True)
    with_items: "{{ l_openshift_hosted_fw_deny }}"

- when: l_openshift_hosted_firewall_enabled | bool and l_openshift_hosted_use_firewalld | bool
  block:
  - name: Add firewalld allow rules
    firewalld:
      port: "{{ item.port }}"
      permanent: true
      immediate: true
      state: enabled
    when: item.cond | default(True)
    with_items: "{{ l_openshift_hosted_fw_allow }}"

  - name: Remove firewalld allow rules
    firewalld:
      port: "{{ item.port }}"
      permanent: true
      immediate: true
      state: disabled
    when: item.cond | default(True)
    with_items: "{{ l_openshift_hosted_fw_deny }}"