---

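# Manage one INPUT rule per entry in nomad_services. Each value is read for
# `proto` (checked for the substrings 'tcp' and/or 'udp'), `port` and
# `src_ip` (allowed sources; nested lists are flattened before joining).
# A service with no usable protocol or an empty src_ip gets its rule removed
# (absent) rather than opened without a source restriction.
- name: Handle nomad ports in the firewall
  iptables_raw:
    # Templated value quoted so an empty/odd expansion cannot change the scalar type.
    name: "nomad_port_{{ item }}"
    # present only when (tcp or udp) AND at least one source address is listed.
    state: "{{ (('tcp' in nomad_services[item].proto or 'udp' in nomad_services[item].proto) and nomad_services[item].src_ip | length > 0) | ternary('present', 'absent') }}"
    # -s accepts a comma-separated list; iptables expands it into one rule per
    # source. Entries should be IPs/CIDRs — a hostname is resolved once, at
    # insertion time, not on every packet.
    rules: |
      {% if 'tcp' in nomad_services[item].proto %}
      -A INPUT -m state --state NEW -p tcp --dport {{ nomad_services[item].port }} -s {{ nomad_services[item].src_ip | flatten | join(',') }} -j ACCEPT
      {% endif %}
      {% if 'udp' in nomad_services[item].proto %}
      -A INPUT -m state --state NEW -p udp --dport {{ nomad_services[item].port }} -s {{ nomad_services[item].src_ip | flatten | join(',') }} -j ACCEPT
      {% endif %}
  loop: "{{ nomad_services.keys() | list }}"
  tags:
    - firewall
    - nomad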