firewall testing

tasks/firewall.yml

@@ -1,5 +1,15 @@
-- name: Root port forwards for web traffic.
+- name: Root port openings and forwards for web traffic.
   firewalld:
+    port: "80/tcp"
+    zone: public
+    permanent: true
+    immediate: true
+    state: enabled
+  with_items:
+    - "80"
+    - "443"
+
+- firewalld:
     rich_rule: "{{ item }}"
     zone: public
     permanent: true
@@ -9,12 +19,5 @@
     - "rule family=ipv4 forward-port port=80 protocol=tcp to-port=8080"
     - "rule family=ipv4 forward-port port=443 protocol=tcp to-port=4443"
 
-- firewalld:
-    port: "8443/tcp"
-    zone: public
-    permanent: true
-    immediate: true
-    state: enabled
-
 - command:
     cmd: "firewall-cmd --reload"