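---
# Tasks: replace firewalld with the classic iptables service on the host and
# load a templated ruleset. Package, service and rule-file tasks run as root
# (become: true); the interface probe and set_fact do not need it.

# make sure firewalld is not installed
- name: make sure firewalld is not installed
  yum:
    # yum takes a list directly; no per-package loop needed
    name:
      - firewalld
      - firewall-config
    state: absent
  become: true
  become_user: root

# make sure iptables is installed
- name: make sure iptables-services is installed
  yum:
    name: iptables-services
    state: present
  become: true
  become_user: root

- name: make sure iptables service is running
  service:
    name: iptables
    state: started
    enabled: true
  become: true
  become_user: root

- name: get name of device for public interface
  # output looks like
  # 8.8.8.8 via 118.138.254.254 dev eth2 src 118.138.254.185
  # field $5 is the word after "dev"; the pipe is why this is shell, not command
  # NOTE: fails on a host with no route to 8.8.8.8 — such hosts need a
  # different probe address
  shell: /usr/sbin/ip route get 8.8.8.8 | awk '{print $5;exit }'
  check_mode: false
  changed_when: false
  register: public_device_name

# if not defined, default to M3=vlan 114 ;
# See https://webnet.its.monash.edu.au/cgi-bin/staff-only/netsee
- name: default PRIVATE_NETWORK_CIDR when the inventory does not set it
  set_fact:
    PRIVATE_NETWORK_CIDR: '172.16.200.0/21'
  when: PRIVATE_NETWORK_CIDR is undefined

# template ip tables rules or add rules on startup?
- name: template rules
  template:
    src: iptables.j2
    dest: /etc/sysconfig/iptables
    # keep the rule file root-only; without mode the file takes the umask
    # (typically 0644) instead of the 0600 the iptables-services package ships
    mode: '0600'
  become: true
  become_user: root
  register: rule_changed

# iptables-restore reads its ruleset from stdin when no file is named, and
# Ansible supplies no stdin, so a bare "iptables-restore" is unlikely to load
# the templated rules; name the file explicitly. No pipe or redirection is
# needed now, so command replaces shell.
- name: restore rules
  command: iptables-restore /etc/sysconfig/iptables
  become: true
  become_user: root
  when: rule_changed.changed

# make sure ip forwarding is enabled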