---
# tasks file for iptables-kdeconnect

- ansible.builtin.debug:
    msg: "ENABLED = {{ kdeconnect_enabled }}; iptables-kdeconnect role"

- name: Allow/ disallow new, established packets on TCP Kdeconnect ports
  ansible.builtin.iptables:
    chain: INPUT
    protocol: tcp
    state: "{{ 'present' if kdeconnect_enabled is true else 'absent' }}"
    destination_port: "{{ kdeconnect_ports }}"
    ctstate: NEW,ESTABLISHED
    jump: ACCEPT

- name: Allow/ disallow new, established packets on UDP Kdeconnect ports
  ansible.builtin.iptables:
    chain: INPUT
    protocol: udp
    state: "{{ 'present' if kdeconnect_enabled is true else 'absent' }}"
    destination_port: "{{ kdeconnect_ports }}"
    ctstate: NEW,ESTABLISHED
    jump: ACCEPT

- name: iptables-persistent
  ansible.builtin.include_role:
    name: iptables-persistent