---
- name: Setup iptables
  block:
    - name: Set custom iptables rules
      iptables_raw:
        name: 'iptables_custom_rules_{{ item.name }}'
        rules: '{{ item.rules }}'
        state: '{{ item.state }}'
        weight: '{{ item.weight | default(omit) }}'
        table: '{{ item.table | default(omit) }}'
      loop: '{{ iptables_custom_rules + iptables_custom_rules_extra }}'
      loop_control:
        label: "{{ item.name }}"

    - name: Set applications iptables rules
      iptables_raw:
        name: '{{ item.name }}'
        rules: '{{ item.rules }}'
        state: '{{ item.state }}'
        weight: '{{ item.weight | default(omit) }}'
        table: '{{ item.table | default(omit) }}'
      loop: '{{ iptables_app_rules + iptables_app_rules_extra }}'
      loop_control:
        label: "{{ item.name }}"

    - name: Set default iptables head rules
      iptables_raw:
        name: iptables_default_head
        weight: 10
        keep_unmanaged: '{{ iptables_keep_unmanaged }}'
        state: present
        rules: '{{ iptables_default_head }}'

    - name: Set default iptables tail rules
      iptables_raw:
        name: iptables_default_tail
        weight: 99
        keep_unmanaged: '{{ iptables_keep_unmanaged }}'
        state: '{{ (not iptables_default_tail) | ternary("absent", "present") }}'
        rules: '{{ iptables_default_tail }}'
  become: True
  become_user: root