- name: Include OS-specific variables
  include_vars: "{{ lookup('first_found', params) }}"
  vars:
    params:
      files: "{{ distro_lookup_path }}"
      paths:
        - 'vars'

- name: Install iptables
  package:
    name: '{{ package_name }}'
    state: present

- name: Ensure iptables rules directory
  file:
    state: directory
    path: '{{ rules_dir }}'

- name: Install IPv4 rules files
  template:
    src: rules.v4.j2
    dest: '{{ ipv4_rules }}'
    owner: root
    group: root
    mode: 0640
    setype: '{{ setype | default(omit) }}'
  notify:
    - Reload iptables

- name: Install IPv6 rules files
  template:
    src: rules.v6.j2
    dest: '{{ ipv6_rules }}'
    owner: root
    group: root
    mode: 0640
    setype: '{{ setype | default(omit) }}'
  notify:
    - Reload iptables

- name: Include OS specific tasks
  include_tasks: "{{ item }}"
  vars:
    params:
      files: "{{ distro_lookup_path }}"
  loop: "{{ query('first_found', params, errors='ignore') }}"

- name: Enable iptables service
  service:
    name: '{{ service_name }}'
    enabled: true