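---
# Host firewall tasks: replace firewalld with the iptables service and load
# the ruleset rendered from iptables.j2.

# make sure firewalld is not installed
# firewalld and iptables-services both manage netfilter rules, so firewalld
# is removed before iptables-services takes over.
- name: make sure firewalld is not installed
  yum:
    # One yum transaction for both packages instead of a with_items loop.
    name:
      - firewalld
      - firewall-config
    state: absent
  become: true
  become_user: root

# make sure iptables is installed
- name: make sure iptables-services is installed
  yum:
    name: iptables-services
    state: present
  become: true
  become_user: root

- name: make sure iptables service is running
  service:
    name: iptables
    state: started
    enabled: true
  become: true
  become_user: root

# template ip tables rules or add rules on startup?
- name: template rules
  template:
    src: iptables.j2
    dest: /etc/sysconfig/iptables
    # Keep the ruleset root-owned and unreadable to other local users.
    owner: root
    group: root
    mode: "0600"
    # Parse the rendered file without committing it, so a broken template
    # fails this task instead of replacing the ruleset on disk.
    validate: iptables-restore --test %s
  become: true
  become_user: root
  register: rule_changed

- name: restore rules
  # iptables-restore reads the ruleset from stdin; run with no input it loads
  # nothing, so feed it the file written by the previous task.
  shell: iptables-restore < /etc/sysconfig/iptables
  become: true
  become_user: root
  # The `| changed` filter form is deprecated and rejected by newer Ansible
  # releases; the registered result's `changed` attribute works everywhere.
  when: rule_changed.changed

# make sure ip forwarding is enabled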