---

- name:  Handle metabase port in the firewall
  iptables_raw:
    name: metabase_port
    state: "{{ (metabase_src_ip | length > 0) | ternary('present','absent') }}"
    rules: "-A INPUT -m state --state NEW -p tcp --dport {{ metabase_port }} -s {{ metabase_src_ip | join(',') }} -j ACCEPT"
  tags: firewall,metabase