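---
# Firewall tasks: run the OS-specific install file, then apply the custom,
# head and tail rule sets through the third-party iptables_raw module.

# include_tasks replaces the bare `include` action, which is deprecated and
# no longer available in ansible-core 2.16+. The file name is built from the
# ansible_os_family fact, so an install_<os family>.yml file has to exist for
# every platform this role is run against.
# NOTE(review): this include carries no tags, so a run limited with
# `--tags firewall` will not execute it - confirm that is intended.
- name: Include OS-specific install tasks
  include_tasks: "install_{{ ansible_os_family }}.yml"

# One iptables_raw rule set per entry of iptables_custom_rules. Each entry
# supplies `name` and `rules`; `state` falls back to 'present', and `weight`
# and `table` are omitted (module defaults apply) when the entry lacks them.
# NOTE(review): item.rules is handed to the module unchanged, so
# iptables_custom_rules should only be populated from trusted vars/inventory.
- name: Set custom iptables rules
  iptables_raw:
    name: "iptables_custom_rules_{{ item.name }}"
    rules: "{{ item.rules }}"
    state: "{{ item.state | default('present') }}"
    weight: "{{ item.weight | default(omit) }}"
    table: "{{ item.table | default(omit) }}"
  loop: "{{ iptables_custom_rules }}"
  tags:
    - firewall

# Head rules are registered with weight 10; iptables_raw orders rule sets by
# weight, lowest first, so these precede the tail set (weight 99).
# keep_unmanaged comes from iptables_keep_unmanaged. Per the module docs, a
# false value deletes rules that iptables_raw does not manage, which includes
# rules inserted by other tools on the host - review before disabling it.
# NOTE(review): the extra `ssh` tag suggests this set holds the SSH allow
# rule - confirm against the iptables_default_head default.
- name: Set default iptables head rules
  iptables_raw:
    name: iptables_default_head
    weight: 10
    keep_unmanaged: "{{ iptables_keep_unmanaged }}"
    state: present
    rules: "{{ iptables_default_head }}"
  tags:
    - firewall
    - ssh

# Tail rules are registered with weight 99. The rule set is removed
# (state 'absent') when iptables_default_tail is the empty string, and
# applied otherwise.
- name: Set default iptables tail rules
  iptables_raw:
    name: iptables_default_tail
    weight: 99
    keep_unmanaged: "{{ iptables_keep_unmanaged }}"
    state: "{{ (iptables_default_tail != '' ) | ternary('present', 'absent') }}"
    rules: "{{ iptables_default_tail }}"
  tags:
    - firewall

# Start the iptables service and enable it at boot, on RedHat-family hosts
# only. Module arguments use native YAML instead of a key=value string, and
# `enabled` is a real boolean rather than `yes`.
# NOTE(review): no equivalent step is visible here for other OS families -
# confirm their install file handles rule persistence across reboots.
- name: Enable iptable service
  service:
    name: iptables
    state: started
    enabled: true
  when: ansible_os_family == 'RedHat'
  tags:
    - firewall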