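---
# Firewall role tasks: install iptables, deploy the templated rule script and
# its service wrapper (SysV init script or systemd unit), then manage the
# resulting `firewall` service.

# `present` is the documented state value; `installed` was a legacy alias.
- name: Ensure iptables is installed.
  package:
    name: iptables
    state: present

# Runs once only: `creates` skips this task as soon as /etc/firewall.bash
# exists. From the flush until the firewall service first applies the new
# rules, only the chains' default policies filter traffic on this host.
# NOTE(review): without -t this clears the filter table only; nat/mangle and
# ip6tables rules are untouched here - confirm firewall.bash.j2 handles them.
- name: Flush iptables the first time playbook runs.
  command: iptables -F
  args:
    creates: /etc/firewall.bash

# Modes are quoted so they reach the module as written instead of being
# re-typed by the YAML parser.
# NOTE(review): 0744 lets every local user read the rule set; 0700 would be
# enough if only root ever runs this script - confirm before tightening.
- name: Copy firewall script into place.
  template:
    src: firewall.bash.j2
    dest: /etc/firewall.bash
    owner: root
    group: root
    mode: "0744"
  notify: restart firewall

- name: Copy firewall init script into place.
  template:
    src: firewall.init.j2
    dest: /etc/init.d/firewall
    owner: root
    group: root
    mode: "0755"
  when: "ansible_service_mgr != 'systemd'"

- name: Copy firewall systemd unit file into place (for systemd systems).
  template:
    src: firewall.unit.j2
    dest: /etc/systemd/system/firewall.service
    owner: root
    group: root
    mode: "0644"
  when: "ansible_service_mgr == 'systemd'"

# State and boot behaviour come from role variables, so a host can be left
# with the firewall stopped or disabled at boot; review overrides of
# firewall_state / firewall_enabled_at_boot with that in mind.
- name: Configure the firewall service.
  service:
    name: firewall
    state: "{{ firewall_state }}"
    enabled: "{{ firewall_enabled_at_boot }}"

# `include` is deprecated; include_tasks (Ansible 2.4+) is its replacement.
# The condition decides whether the file is loaded at all.
- include_tasks: disable-other-firewalls.yml
  when: firewall_disable_firewalld or firewall_disable_ufw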