---

- name: Is there a Minifirewall ?
  ansible.builtin.stat:
    path: /etc/default/minifirewall
  register: evobackup_client__minifirewall
  tags:
    - evobackup_client
    - evobackup_client_backup_firewall

- name: Add backup SSH port in /etc/default/minifirewall
  ansible.builtin.blockinfile:
    dest: /etc/default/minifirewall
    marker: "# {mark} {{ item.name }}"
    block: |
      /sbin/iptables -A INPUT -p tcp --sport {{ item.port }} --dport 1024:65535 -s {{ item.ip }} -m state --state ESTABLISHED,RELATED -j ACCEPT
  loop: "{{ evobackup_client__hosts }}"
  notify: restart minifirewall
  when: evobackup_client__minifirewall.stat.exists
  tags:
    - evobackup_client
    - evobackup_client_backup_firewall