---
# tasks file for iptables-ipfs

- name: setup iptables for IPFS
  when:
    - "is_docker is not true"
    - "ipfs_enabled is true"
  block:
    - name: Allow new, established packets on TCP/UDP port 4001 (IPFS)
      ansible.builtin.iptables:
        chain: INPUT
        protocol: tcp
        destination_port: "{{ ipfs_port }}"
        ctstate: NEW,ESTABLISHED
        jump: ACCEPT
        comment: IPFS dedicated port

    - name: iptables-persistent
      ansible.builtin.include_role:
        name: iptables-persistent