---

- name: Is minifirewall installed?
  stat:
    path: /etc/default/minifirewall
  register: minifirewall_default_file
  tags:
    - evomaintenance

- name: minifirewall section for evomaintenance
  lineinfile:
    dest: /etc/default/minifirewall
    line: "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED,RELATED -j ACCEPT"
    insertafter: "^# EvoMaintenance"
  with_items: "{{ evomaintenance_hosts }}"
  notify: "{{ minifirewall_restart_handler_name }}"
  when: minifirewall_default_file.stat.exists
  tags:
    - evomaintenance

- name: remove minifirewall example rule for the proxy
  lineinfile:
    dest: /etc/default/minifirewall
    regexp: '^#.*(--sport 5432).*(-s X\.X\.X\.X)'
    state: absent
  notify: "{{ minifirewall_restart_handler_name }}"
  when: minifirewall_default_file.stat.exists
  tags:
    - evomaintenance

- name: Force restart minifirewall
  command: /bin/true
  notify: restart minifirewall
  when: minifirewall_restart_force
  tags:
    - evomaintenance