---
- name: Install firewalld packages
  package: name=firewalld state=present
  when: not openshift.common.is_containerized | bool

- name: Ensure iptables services are not enabled
  systemd:
    name: "{{ item }}"
    state: stopped
    enabled: no
    masked: yes
  with_items:
    - iptables
    - ip6tables
  register: task_result
  failed_when: "task_result|failed and 'Could not find' not in task_result.msg"

- name: Start and enable firewalld service
  systemd:
    name: firewalld
    state: started
    enabled: yes
    masked: no
    daemon_reload: yes
  register: result

- name: need to pause here, otherwise the firewalld service starting can sometimes cause ssh to fail
  pause: seconds=10
  when: result | changed

- name: Add firewalld allow rules
  firewalld:
    port: "{{ item.port }}"
    permanent: true
    immediate: true
    state: enabled
  with_items: "{{ os_firewall_allow }}"

- name: Remove firewalld allow rules
  firewalld:
    port: "{{ item.port }}"
    permanent: true
    immediate: true
    state: disabled
  with_items: "{{ os_firewall_deny }}"