Add firewalld task

tasks/firewalld.yml

@@ -0,0 +1,60 @@
+- name: remove service rule for dhcpv6-client
+  ansible.posix.firewalld:
+    service: dhcpv6-client
+    permanent: true
+    state: disabled
+  register: port_change
+
+- name: permit traffic in default zone on port 22/tcp for SSH
+  ansible.posix.firewalld:
+    port: 22/tcp
+    permanent: true
+    state: enabled
+  register: port_change
+
+- name: permit traffic in default zone on port 80/tcp for HTTP
+  ansible.posix.firewalld:
+    port: 80/tcp
+    permanent: true
+    state: enabled
+  register: port_change
+
+- name: permit traffic in default zone on port 443/tcp for HTTPS
+  ansible.posix.firewalld:
+    port: 443/tcp
+    permanent: true
+    state: enabled
+  register: port_change
+
+- name: permit traffic in default zone on port 16384-32768/udp for RTP
+  ansible.posix.firewalld:
+    port: 16384-32768/udp
+    permanent: true
+    state: enabled
+  register: port_change
+
+- name: permit traffic in default zone on port 8082/tcp for Metrics API
+  ansible.posix.firewalld:
+    port: 8082/tcp
+    permanent: true
+    state: enabled
+  register: port_change
+
+- name: Reload firewalld after adding new ports
+  ansible.builtin.service:
+    name: firewalld
+    state: reloaded
+  when: port_change.changed
+
+- name: permit traffic in default zone with service SSH
+  ansible.posix.firewalld:
+    service: ssh
+    permanent: true
+    state: disabled
+  register: remove_ssh_service
+
+- name: Reload firewalld after removing SSH service
+  ansible.builtin.service:
+    name: firewalld
+    state: reloaded
+  when: remove_ssh_service.changed