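---
# Firewalld rules for this host.
#
# Every rule below is written with `permanent: true` and no `immediate`, so it
# only changes the stored configuration; nothing takes effect at runtime until
# firewalld is reloaded. No `zone` is given, so each rule lands in whatever the
# host's default zone is.
#
# Each task registers its result under its own name. A shared register name
# is overwritten by every later task, which would leave the reload conditional
# on the last rule alone and silently skip the reload when only an earlier
# rule changed.

- name: remove service rule for dhcpv6-client
  ansible.posix.firewalld:
    service: dhcpv6-client
    permanent: true
    state: disabled
  register: dhcpv6_service_change

- name: permit traffic in default zone on port 22/tcp for SSH
  ansible.posix.firewalld:
    port: 22/tcp
    permanent: true
    state: enabled
  register: ssh_port_change

- name: permit traffic in default zone on port 80/tcp for HTTP
  ansible.posix.firewalld:
    port: 80/tcp
    permanent: true
    state: enabled
  register: http_port_change

- name: permit traffic in default zone on port 443/tcp for HTTPS
  ansible.posix.firewalld:
    port: 443/tcp
    permanent: true
    state: enabled
  register: https_port_change

# NOTE(review): wide UDP range. Presumably it has to match the RTP port range
# configured in the media service; verify, so that no more ports are open than
# the service actually uses.
- name: permit traffic in default zone on port 16384-32768/udp for RTP
  ansible.posix.firewalld:
    port: 16384-32768/udp
    permanent: true
    state: enabled
  register: rtp_port_change

# NOTE(review): this opens the metrics API to every source the default zone
# accepts. If only monitoring hosts are meant to reach it, scope the rule to
# them (a source-bound zone or a rich rule) instead of a plain port rule.
# Confirm the intended exposure.
- name: permit traffic in default zone on port 8082/tcp for Metrics API
  ansible.posix.firewalld:
    port: 8082/tcp
    permanent: true
    state: enabled
  register: metrics_port_change

# Reload when ANY of the rules above changed, so the permanent configuration
# and the running firewall cannot drift apart.
- name: Reload firewalld after adding new ports
  ansible.builtin.service:
    name: firewalld
    state: reloaded
  when: >-
    dhcpv6_service_change.changed
    or ssh_port_change.changed
    or http_port_change.changed
    or https_port_change.changed
    or rtp_port_change.changed
    or metrics_port_change.changed

# `state: disabled` removes the predefined ssh service from the zone; it does
# not permit anything. SSH stays reachable through the explicit 22/tcp port
# rule added above, which is already part of the permanent configuration by
# the time this removal is loaded.
- name: remove service rule for ssh
  ansible.posix.firewalld:
    service: ssh
    permanent: true
    state: disabled
  register: remove_ssh_service

- name: Reload firewalld after removing SSH service
  ansible.builtin.service:
    name: firewalld
    state: reloaded
  when: remove_ssh_service.changed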