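# Firewall baseline: start firewalld, bind the two interfaces to their zones,
# then open the listed ports per zone.

- name: Ensure firewalld is enabled
  service:
    name: firewalld
    enabled: true
    state: started

# NOTE(review): interface names are hard-coded; confirm eth1/eth2 match the
# target hosts, since a mismatch leaves the real interface in the default zone.
- name: Set external interface
  firewalld:
    state: enabled
    interface: eth1
    zone: external
    # permanent + immediate keeps the saved and the running configuration in step.
    permanent: true
    immediate: true

- name: Set internal interface
  firewalld:
    state: enabled
    interface: eth2
    zone: internal
    permanent: true
    immediate: true

- name: Open firewalld ports
  firewalld:
    port: "{{ item.port }}"
    state: enabled
    zone: "{{ item.zone }}"
    immediate: true
    permanent: true
  loop:
    # Externally reachable ports: keep this list as short as possible.
    - port: 80/tcp
      zone: external
    - port: 443/tcp
      zone: external
    # Ports reachable from the internal zone only.
    - port: 80/tcp
      zone: internal
    - port: 443/tcp
      zone: internal
    # NOTE(review): 22623/tcp is commonly the OpenShift machine-config server
    # port; it is internal-only here. Confirm it is never added to external.
    - port: 22623/tcp
      zone: internal
    # NOTE(review): the purpose of 8000/tcp is not evident from this file;
    # document it or remove it.
    - port: 8000/tcp
      zone: internal
    - port: 6443/tcp
      zone: internal
    # NOTE(review): 6443/tcp is conventionally the Kubernetes API server port.
    # Confirm that exposing it on the external zone is intended, and restrict
    # it by source address if only known clients need access.
    - port: 6443/tcp
      zone: external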