---
# tasks file for iptables-samba

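# Print the toggle this role acts on, so the run log shows whether the Samba
# rules in the following tasks are being added or removed.
- name: Show whether Samba firewall rules are enabled
  ansible.builtin.debug:
    msg: "ENABLED = {{ samba_enabled }}; iptables-samba role"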

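# Adds or removes one INPUT ACCEPT rule per TCP port listed in samba_ports.
# The module appends rules by default, so a DROP/REJECT rule already present
# earlier in INPUT would take precedence; check the resulting chain order.
- name: Allow/ disallow new, established packets on TCP Samba ports
  ansible.builtin.iptables:
    chain: INPUT
    protocol: tcp
    # Strict test: only a real boolean true yields 'present'. Any other value,
    # including the string "true", yields 'absent', so the rule fails closed.
    state: "{{ 'present' if samba_enabled is true else 'absent' }}"
    destination_port: "{{ item }}"
    # Optional address or CIDR allowed to reach Samba over TCP. When
    # samba_allowed_source is undefined the key is omitted and the rule accepts
    # traffic from every source address; no interface match is set either.
    source: "{{ samba_allowed_source | default(omit) }}"
    ctstate:
      - NEW
      - ESTABLISHED
    jump: ACCEPT
  # Flatten one level so a nested port list is still iterated port by port.
  loop: "{{ samba_ports | flatten(levels=1) }}"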

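# Adds or removes one INPUT ACCEPT rule per UDP port listed in samba_ports.
# The module appends rules by default, so a DROP/REJECT rule already present
# earlier in INPUT would take precedence; check the resulting chain order.
- name: Allow/ disallow new, established packets on UDP Samba ports
  ansible.builtin.iptables:
    chain: INPUT
    protocol: udp
    # Strict test: only a real boolean true yields 'present'. Any other value,
    # including the string "true", yields 'absent', so the rule fails closed.
    state: "{{ 'present' if samba_enabled is true else 'absent' }}"
    destination_port: "{{ item }}"
    # Optional address or CIDR allowed to reach Samba over UDP. When
    # samba_allowed_source is undefined the key is omitted and the rule accepts
    # traffic from every source address; no interface match is set either.
    source: "{{ samba_allowed_source | default(omit) }}"
    ctstate:
      - NEW
      - ESTABLISHED
    jump: ACCEPT
  # Flatten one level so a nested port list is still iterated port by port.
  loop: "{{ samba_ports | flatten(levels=1) }}"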

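# Hand off to the iptables-persistent role once the rule tasks have run.
# That role is not shown in this file; presumably it saves the running
# ruleset so the changes survive a reboot (verify against the role itself).
- name: Include the iptables-persistent role
  ansible.builtin.include_role:
    name: iptables-persistent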