---
# Firewalld rules for the podman-hosted services. The first task opens the
# ports that are still required; the second closes ports that are not.
# Both tasks change the permanent and the running configuration
# (permanent + immediate) and notify the "restart firewalld" handler,
# which is presumably defined in this role's handlers -- confirm.

- name: set required podman firewall rules
  become: true
  tags: firewall
  notify: restart firewalld
  # NOTE(review): every port below is opened in the "public" zone, so it is
  # reachable from any source on interfaces bound to that zone. Confirm each
  # service is meant to be exposed that widely; otherwise scope it with a
  # dedicated zone or a source restriction.
  ansible.posix.firewalld:
    zone: public
    port: "{{ item }}"
    state: enabled
    permanent: true
    immediate: true
  loop:
    # Syslog listeners; the port numbers come from variables set elsewhere.
    # UDP syslog has no sender authentication, so source filtering is the
    # only network-level control on who can write to these listeners.
    - "{{ syslog_udp_default }}/udp"
    - "{{ syslog_udp_error }}/udp"
    - "{{ syslog_udp_unifi }}/udp"
    - '1153/tcp'
    - '1153/udp'
    - '443/tcp'
    # NOTE(review): if the service on 53 is a recursive resolver, confirm it
    # is not answering arbitrary clients through the public zone.
    - '53/tcp'
    - '53/udp'
    - '6875/tcp'
    - '80/tcp'
    # satisfactory
    - '7777/udp'
    - '15000/udp'
    - '15777/udp'

- name: unset non-required podman firewall rules
  become: true
  tags: firewall
  notify: restart firewalld
  # state: disabled removes the port from the zone. These entries stay listed
  # so that hosts which opened them on an earlier run get them closed again.
  ansible.posix.firewalld:
    zone: public
    port: "{{ item }}"
    state: disabled
    permanent: true
    immediate: true
  loop:
    - '2456/udp'
    - '2457/udp'
    - '9093/tcp'
    - '9092/tcp'
    - '9091/tcp'
    - '9091/udp'
    - '9092/udp'