# Insert additional firewall rules to allow required services to function
- name: Allow HTTP
  iptables:
    chain: INPUT
    action: insert
    rule_num: 5
    protocol: tcp
    destination_port: 80
    ctstate: NEW
    syn: match
    jump: ACCEPT
    comment: Accept new HTTP connections
  become: yes

- name: Allow HTTPS
  iptables:
    chain: INPUT
    action: insert
    rule_num: 6
    protocol: tcp
    destination_port: 443
    ctstate: NEW
    syn: match
    jump: ACCEPT
    comment: Accept new HTTPS connections
  become: yes

- name: Allow admin HTTPS on port {{ ssl_port }}
  iptables:
    chain: INPUT
    action: insert
    rule_num: 7
    protocol: tcp
    destination_port: "{{ ssl_port }}"
    ctstate: NEW
    syn: match
    jump: ACCEPT
    comment: Accept new admin SSL connections
  become: yes