#
# Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/
#
# Insert additional firewall rules to allow required services to function
- name: Allow HTTP
  iptables:
    chain: INPUT
    action: insert
    rule_num: 5
    protocol: tcp
    destination_port: 80
    ctstate: NEW
    syn: match
    jump: ACCEPT
    comment: Accept new HTTP connections
  become: yes

- name: Allow HTTPS
  iptables:
    chain: INPUT
    action: insert
    rule_num: 6
    protocol: tcp
    destination_port: 443
    ctstate: NEW
    syn: match
    jump: ACCEPT
    comment: Accept new HTTPS connections
  become: yes

- name: Allow admin HTTPS on port {{ ssl_port }}
  iptables:
    chain: INPUT
    action: insert
    rule_num: 7
    protocol: tcp
    destination_port: "{{ ssl_port }}"
    ctstate: NEW
    syn: match
    jump: ACCEPT
    comment: Accept new admin SSL connections
  become: yes

- name: Allow admin HTTP on port 1080
  iptables:
    chain: INPUT
    action: insert
    rule_num: 8
    protocol: tcp
    destination_port: "1080"
    ctstate: NEW
    syn: match
    jump: ACCEPT
    comment: Accept new admin SSL connections
  become: yes