- service: name=firewalld
           state=started
           enabled=yes
  become: yes

- firewalld: service=https
             permanent=true
             state=enabled
  become: yes
  notify: restart firewalld

- firewalld: service=http
             permanent=true
             state=enabled
  become: yes
  notify: restart firewalld

- firewalld: rich_rule='rule service name="ssh" family="ipv4" source address="{{ item }}" accept'
             permanent=true
             state=enabled
  with_items:
    - 128.192.75.0/24
    - 192.168.0.0/16
    - 172.16.0.0/16
    - 128.91.49.0/24
  become: yes
  notify: restart firewalld
  when: is_production_vm == True

- firewalld: service=ssh
             permanent=true
             state=disabled
  become: yes
  notify: restart firewalld
  when: is_production_vm == True

- name: define new icmp types for timestamp responses
  copy: dest='/etc/firewalld/icmptypes/{{ item }}.xml'
        src='{{ item }}.xml'
  become: yes
  with_items:
    - timestamp-reply
    - timestamp-request

- name: load new icmp types for timestamp responses
  command: firewall-cmd --reload
  become: yes

- name: disable icmp timestamp responses
  command: firewall-cmd --permanent --zone=public --add-icmp-block={{ item }}
  become: yes
  with_items:
    - timestamp-reply
    - timestamp-request
  notify: restart firewalld

- name: restart firewalld
  service: name=firewalld
           state=restarted
  become: yes