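---
# FreePBX host tasks: persist the FTP conntrack helper module and manage
# one iptables rule set per FreePBX port group.

- name: Load iptables FTP helper
  # Persists the module name so systemd-modules-load loads it at boot.
  # The handler "restart systemd-modules-load" is defined outside this file.
  # NOTE(review): loading nf_conntrack_ftp only makes the helper available.
  # Kernels with automatic helper assignment disabled also need an explicit
  # CT helper rule; confirm this on the target kernels.
  copy:
    content: nf_conntrack_ftp
    dest: /etc/modules-load.d/freepbx.conf
    # Explicit mode: do not leave a boot-time module list to the umask.
    mode: "0644"
  notify: restart systemd-modules-load
  tags:
    - fpbx

- name: Handle FreePBX ports
  # iptables_raw is not an Ansible built-in module; presumably it ships with
  # the role or playbook. Verify it is available on the control node.
  iptables_raw:
    name: "{{ item.name }}"
    # The rule set is present only when there is at least one source address
    # AND at least one port. An empty source list removes the rule set, so no
    # ACCEPT rule is installed without a usable -s match.
    # default([]) is required because the fpbx_http_ports entry has no
    # udp_ports key: with an empty tcp_ports list the bare
    # "item.udp_ports | length" would fail on an undefined value. The rules
    # template below already guards with "is defined".
    state: >-
      {{ (item.src | length > 0 and
      (item.tcp_ports | default([]) | length > 0 or
      item.udp_ports | default([]) | length > 0))
      | ternary('present', 'absent') }}
    # Double-quoted on purpose: \n must become a real newline between the TCP
    # and UDP rules. Each source line break folds to a single space.
    # Both rules accept NEW connections only, and only from item.src.
    # Assumes src and the port variables are lists (join over a plain string
    # would split it per character); verify the role defaults.
    rules: "{% if item.tcp_ports is defined and item.tcp_ports | length > 0 %}-A INPUT -m state --state NEW
      -p tcp -m multiport --dports {{ item.tcp_ports | join(',') }} -s {{ item.src | join(',') }} -j ACCEPT\n{% endif %}
      {% if item.udp_ports is defined and item.udp_ports | length > 0 %}-A INPUT -m state --state NEW
      -p udp -m multiport --dports {{ item.udp_ports | join(',') }} -s {{ item.src | join(',') }} -j ACCEPT{% endif %}"
  # Firewall management is on unless iptables_manage is set to a false value.
  when: iptables_manage | default(True)
  loop:
    # Management ports: keep fpbx_mgm_src_ip as narrow as possible.
    - name: fpbx_mgm_ports
      tcp_ports: "{{ fpbx_mgm_tcp_ports }}"
      udp_ports: "{{ fpbx_mgm_udp_ports }}"
      src: "{{ fpbx_mgm_src_ip }}"
    - name: fpbx_voip_ports
      tcp_ports: "{{ fpbx_voip_tcp_ports }}"
      udp_ports: "{{ fpbx_voip_udp_ports }}"
      src: "{{ fpbx_voip_src_ip }}"
    # HTTP has TCP ports only; there is deliberately no udp_ports key.
    - name: fpbx_http_ports
      tcp_ports: "{{ fpbx_http_ports }}"
      src: "{{ fpbx_http_src_ip }}"
    - name: fpbx_prov_ports
      tcp_ports: "{{ fpbx_prov_tcp_ports }}"
      udp_ports: "{{ fpbx_prov_udp_ports }}"
      src: "{{ fpbx_prov_src_ip }}"
  tags:
    - fpbx
    - firewall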