---
# Manage the firewall rules for the two CrowdSec listener ports
# (crowdsec_lapi_port and crowdsec_prometheus_port).
#
# Each loop item yields one named iptables_raw rule set:
#   - src_ip non-empty -> state "present": NEW TCP connections to the port
#     are accepted from the listed sources only.
#   - src_ip empty     -> state "absent": the named rule is removed.
#
# NOTE(review): the ACCEPT rule restricts access only if something else drops
# or rejects traffic to these ports; that policy is not visible in this file.
# NOTE(review): src_ip is assumed to be a list. A plain string still passes
# the length check, but join(',') would then put a comma between its
# characters. Verify against the role defaults.
# NOTE(review): no ipversion is set, so presumably only IPv4 is covered.
# Confirm the ports are not reachable over IPv6.
# Keep both source lists as narrow as possible; the sources listed here are
# the only ones this rule admits to the LAPI and Prometheus ports.
- name: Handle crowdsec port in the firewall
  iptables_raw:
    name: "{{ item.name }}"
    # An empty source list means the port should not be opened at all.
    state: "{{ (item.src_ip | length > 0) | ternary('present','absent') }}"
    # Folded scalar: the lines below are joined with single spaces into one
    # iptables rule.
    rules: >-
      -A INPUT -m state --state NEW -p tcp
      --dport {{ item.port }}
      -s {{ item.src_ip | join(',') }}
      -j ACCEPT
  loop:
    # CrowdSec local API listener
    - name: crowdsec_lapi_port
      port: "{{ crowdsec_lapi_port }}"
      src_ip: "{{ crowdsec_lapi_src_ip }}"
    # CrowdSec Prometheus listener
    - name: crowdsec_prometheus_port
      port: "{{ crowdsec_prometheus_port }}"
      src_ip: "{{ crowdsec_prometheus_src_ip }}"
  tags:
    - firewall
    - crowdsec