---
- name: Ensure iptables is installed.
  package: name=iptables state=installed

- name: Flush iptables the first time playbook runs.
  command: >
    iptables -F
    creates=/etc/init.d/firewall

- name: Copy firewall script into place.
  template:
    src: firewall.bash.j2
    dest: /etc/firewall.bash
    owner: root
    group: root
    mode: 0744
  notify: restart firewall

- name: Copy firewall init script into place.
  template:
    src: firewall.init.j2
    dest: /etc/init.d/firewall
    owner: root
    group: root
    mode: 0755

- name: Copy firewall systemd unit file into place (for systemd systems).
  template:
    src: firewall.unit.j2
    dest: /etc/systemd/system/firewall.service
    owner: root
    group: root
    mode: 0755
  when: >
    (ansible_distribution == 'Ubuntu' and ansible_distribution_version.split(".")[0]|int >= 16) or
    (ansible_distribution == 'Debian' and ansible_distribution_version.split(".")[0]|int >= 8) or
    (ansible_os_family == 'RedHat' and ansible_distribution_version.split(".")[0]|int >= 7) or
    (ansible_distribution == 'Fedora')

- name: Ensure the firewall is enabled and will start on boot.
  service: name=firewall state=started enabled=yes

- include: disable-other-firewalls.yml
  when: firewall_disable_firewalld or firewall_disable_ufw