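---
# tasks file for iptables-webserver
#
# Opens (or removes) an INPUT ACCEPT rule for every port listed in
# iptables_webserver_ports, then includes the iptables-persistent role.
# Both firewall steps are skipped when is_docker is the boolean true.

# Prints the role inputs so a run log shows which ports were requested.
- name: Show iptables-webserver role settings
  ansible.builtin.debug:
    msg: "ENABLED = {{ iptables_webserver_enabled }}; PORTS = {{ iptables_webserver_ports }}; iptables-webserver role"

# `is not true` compares against the boolean true only: a string such as
# "true" (e.g. from `-e is_docker=true`) does not skip the block.
- name: Manage webserver iptables rules (skipped when is_docker is true)
  when:
    - "is_docker is not true"
  block:
    # The task name mentions 80/443, but the ports actually opened are
    # whatever iptables_webserver_ports contains; review that variable.
    # No source restriction is set, so the rule accepts from any address.
    - name: Allow new, established packets on TCP ports 80/443 (Webserver)
      ansible.builtin.iptables:
        chain: INPUT
        protocol: tcp
        # `is true` matches only a real boolean; any other value (including
        # the string "true") yields 'absent', which removes the rule.
        state: "{{ 'present' if iptables_webserver_enabled is true else 'absent' }}"
        destination_port: "{{ item }}"
        ctstate: NEW,ESTABLISHED
        jump: ACCEPT
        comment: Webserver dedicated port
        # NOTE(review): `action` and `ip_version` are not set, so the module
        # defaults apply (append, IPv4). An appended ACCEPT has no effect
        # behind an earlier DROP/REJECT, and IPv6 is not managed here.
      loop: "{{ iptables_webserver_ports }}"

    # Presumably saves the rule set so it survives a reboot; confirm in the
    # iptables-persistent role itself.
    - name: iptables-persistent
      ansible.builtin.include_role:
        name: iptables-persistent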