From c46488efa66814afdfd4127f81e4211b46b02b8f Mon Sep 17 00:00:00 2001
From: Mike Holloway
Date: Tue, 2 Dec 2025 13:11:18 -0500
Subject: [PATCH] firewall testing

---
 tasks/firewall.yml | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/tasks/firewall.yml b/tasks/firewall.yml
index 18098e1..f5640fc 100644
--- a/tasks/firewall.yml
+++ b/tasks/firewall.yml
@@ -1,5 +1,15 @@
-- name: Root port forwards for web traffic.
+- name: Root port openings and forwards for web traffic.
 firewalld:
+ port: "80/tcp"
+ zone: public
+ permanent: true
+ immediate: true
+ state: enabled
+ with_items:
+ - "80"
+ - "443"
+
+- firewalld:
 rich_rule: "{{ item }}"
 zone: public
 permanent: true
@@ -9,12 +19,5 @@
 - "rule family=ipv4 forward-port port=80 protocol=tcp to-port=8080"
 - "rule family=ipv4 forward-port port=443 protocol=tcp to-port=4443"
 
-- firewalld:
- port: "8443/tcp"
- zone: public
- permanent: true
- immediate: true
- state: enabled
-
 - command:
 cmd: "firewall-cmd --reload"
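Review bot: The added port task hard-codes `port: "80/tcp"` while looping over `with_items` "80" and "443", so both iterations open 80/tcp and 443/tcp is never opened in the public zone; the line should be `port: "{{ item }}/tcp"`. If only one port is meant to be opened here, remove the `with_items` list instead so the task states exactly what it exposes. The split also leaves the rich-rule task as a bare `- firewalld:` while the old name, now on the port task, still mentions forwards; give it its own name, for example `- name: Forward ports 80 and 443 to 8080 and 4443.`, and trim the first to the port openings. The rich-rule task's remaining keys lie outside this hunk.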