---
# Manage one named iptables rule per key in `vault_services`.
#
# Each key yields a rule named `vault_port_<key>` that accepts NEW TCP
# connections to that service's `port`, restricted to the sources listed
# in its `src_ip`. A service whose `src_ip` is empty has its rule declared
# absent, so the port is never opened without an explicit source list.
#
# NOTE(review): `port` and `src_ip` are interpolated into the raw rule text
# as-is. Keep them in trusted inventory and validate them before this task
# runs (numeric port, well-formed addresses/CIDRs); a broad source such as
# 0.0.0.0/0 would expose the Vault listener to every host.
# NOTE(review): presumably `src_ip` is a list (possibly nested) of
# addresses; a bare string is not expected by `flatten | join` - confirm
# against the role defaults.
# NOTE(review): `-m state --state NEW` is the legacy spelling of
# `-m conntrack --ctstate NEW`; left unchanged here to preserve behaviour.
- name: Handle vault ports in the firewall
  iptables_raw:
    name: "vault_port_{{ item }}"
    # present when at least one source is configured, otherwise absent
    state: "{{ (vault_services[item].src_ip | length > 0) | ternary('present', 'absent') }}"
    # Folded scalar: the lines below are joined with single spaces into
    # one rule string.
    rules: >-
      -A INPUT -m state --state NEW -p tcp
      --dport {{ vault_services[item].port }}
      -s {{ vault_services[item].src_ip | flatten | join(',') }}
      -j ACCEPT
  loop: "{{ vault_services.keys() | list }}"
  tags:
    - firewall
    - vault