---

- name: Handle NFS port
  iptables_raw:
    name: lingw_nfs_port
    state: "{{ (lingw_nfs_src_ip | length > 0) | ternary('present','absent') }}"
    rules: |
      -A INPUT -m state --state NEW -p tcp --dport 2049 -s {{ lingw_nfs_src_ip | join(',') }} -j ACCEPT
      -A INPUT -m state --state NEW -p tcp --dport 111 -s {{ lingw_nfs_src_ip | join(',') }} -j ACCEPT
      -A INPUT -m state --state NEW -p udp --dport 111 -s {{ lingw_nfs_src_ip | join(',') }} -j ACCEPT
  tags: firewall,drbd

- name: Handle iSCSI port
  iptables_raw:
    name: lingw_iscsi_port
    state: "{{ (lingw_iscsi_src_ip | length > 0) | ternary('present','absent') }}"
    rules: "-A INPUT -m state --state NEW -p tcp --dport 3260 -s {{ lingw_iscsi_src_ip | join(',') }} -j ACCEPT"
  tags: firewall,drbd