---
# file: roles/base/tasks/redhat_firewall.yml

- name: Allow SSH access through the firewall
  firewalld:
    service: ssh
    permanent: yes
    state: enabled
  notify: Reload Firewalld

- name: Allow web management access through the firewall
  firewalld:
    service: cockpit
    permanent: yes
    state: enabled
  notify: Reload Firewalld
  when: base_core_web_management == true
  tags:
  - web_management

- name: Enable firewall
  service:
    name: firewalld
    state: started
    enabled: yes