From a73eaafafe43d2f90deac82839ccc109523f1715 Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Wed, 12 Oct 2022 16:22:57 +0200 Subject: [PATCH] feat: add forward option for zones --- defaults/main.yml | 13 +++++++++++++ templates/etc/firewalld/zones/zone.xml.j2 | 2 +- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index 4e57028..78876a2 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -17,6 +17,18 @@ firewalld_allow_zone_drifting: False firewalld_ipsets: [] firewalld_ipsets_extra: [] +# @var firewalld_services:description: > +# A firewalld service can be a list of local ports and destinations and additionally also a list of firewall helper modules +# automatically loaded if a service is enabled. +# @var firewalld_services:example: > +# - name: "" +# short: "" +# description: "" +# port: [] +# protocol: [] +# source_port: [] +# module: [] +# destination: {} firewalld_services: [] firewalld_services_extra: [] @@ -42,6 +54,7 @@ firewalld_services_extra: [] # - name: # icmp-block-inversion: true # masquerade: true +# forward: true # forward-port: # - { port: "", protocol: "" } # source-port: diff --git a/templates/etc/firewalld/zones/zone.xml.j2 b/templates/etc/firewalld/zones/zone.xml.j2 index eef9e68..7f5a744 100644 --- a/templates/etc/firewalld/zones/zone.xml.j2 +++ b/templates/etc/firewalld/zones/zone.xml.j2 @@ -12,7 +12,7 @@ <{{ tag }}{% for name, value in subtag.items() %} {{ name }}="{{ value }}"{% endfor %}/> {% endfor %} {# Settings which can be used once #} - {% elif tag in ["icmp-block-inversion", "masquerade"] and item[tag] == True %} + {% elif tag in ["icmp-block-inversion", "masquerade", "forward"] and item[tag] | bool %} <{{ tag }}/> {% endif %} {% endfor %}
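Review bot: The switch from `item[tag] == True` to `item[tag] | bool` in the `elif` of `zone.xml.j2` applies to `icmp-block-inversion` and `masquerade` as well as the new `forward`, so boolean-like strings such as `"yes"` or `"1"` that were previously ignored now emit the element. For `masquerade` this means an inventory value that used to be a no-op can now turn on NAT for a zone. If that coercion is intended, it should be stated in the commit message and beside the zone example in `defaults/main.yml`, e.g. `# forward: true  # intra-zone forwarding; boolean-like strings are coerced with | bool`. As far as I know `<forward/>` is only understood by firewalld 0.9.0 and later, so the role documentation should name that minimum version; it is worth confirming how older releases treat a zone file containing the tag. The enclosing `for` loop starts outside the hunk.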