---
- name: Install iptables packages
  yum:
    name: "{{ item }}"
    state: present
  with_items:
  - iptables
  - iptables-services

- name: Start and enable iptables services
  service:
    name: "{{ os_firewall_svc }}"
    state: started
    enabled: yes
  with_items:
  - iptables
  - ip6tables
  register: result

- name: need to pause here, otherwise the iptables service starting can sometimes cause ssh to fail
  pause: seconds=10
  when: result | changed

- name: Ensure firewalld service is not enabled
  service:
    name: firewalld
    state: stopped
    enabled: no

- name: Mask firewalld service
  command: systemctl mask firewalld
  register: result
  failed_when: result.rc != 0
  changed_when: False
  ignore_errors: yes

- name: Add iptables allow rules
  os_firewall_manage_iptables:
    name: "{{ item.service }}"
    action: add
    protocol: "{{ item.port.split('/')[1] }}"
    port: "{{ item.port.split('/')[0] }}"
  with_items: allow
  when: allow is defined

- name: Remove iptables rules
  os_firewall_manage_iptables:
    name: "{{ item.service }}"
    action: remove
    protocol: "{{ item.port.split('/')[1] }}"
    port: "{{ item.port.split('/')[0] }}"
  with_items: deny
  when: deny is defined