---

- name: Install firewalld
  package:
    name: firewalld
    state: present

- name: "Make sure FirewallD is running"
  ansible.builtin.systemd:
    name: firewalld
    state: started
    enabled: true
    
- name: Open SSH port in firewall
  ansible.posix.firewalld:
    service: ssh
    permanent: yes
    state: enabled
    immediate: yes
    zone: "{{ firewall_zone }}"
#this is seperate so you don't accidentally remove it

- name: Open services in firewall
  ansible.posix.firewalld:
    service: "{{ item }}"
    permanent: yes
    state: enabled
    immediate: yes
    zone: "{{ firewall_zone }}"
  with_items: "{{ firewall_services }}"

- name: Open ports in firewall
  ansible.posix.firewalld:
    port: "{{ item }}"
    permanent: yes
    state: enabled
    immediate: yes
    zone: "{{ firewall_zone }}"
  with_items: "{{ firewall_ports }}"
  when: firewall_ports is defined