---
- name: set required podman firewall rules
  become: true
  ansible.posix.firewalld:
    port: "{{ item }}"
    permanent: true
    immediate: true
    state: enabled
  loop:
    - "{{ syslog_udp_default }}/udp"
    - "{{ syslog_udp_error }}/udp"
    - "{{ syslog_udp_unifi }}/udp"
    # nginx
    - 80/tcp
    - 443/tcp
    # pihole (unused?)
    - 53/tcp
    - 53/udp
    # nosql/redis
    - 6379/tcp
    # ???
    - 6875/tcp
    # Satisfactory
    - 7777/udp
    - 15000/udp
    - 15777/udp
    # Factorio
    - 27015/tcp
    - 34197/udp
  notify: restart firewalld
  tags: firewall

- name: unset non-required podman firewall rules
  become: true
  ansible.posix.firewalld:
    port: "{{ item }}"
    permanent: true
    immediate: true
    state: disabled
  loop:
    - 1153/tcp
    - 1153/udp
    - 2000/udp
    - 2456/udp
    - 2457/udp
    - 9093/tcp
    - 9092/tcp
    - 9091/tcp
    - 9091/udp
    - 9092/udp
  notify: restart firewalld
  tags: firewall