- name: Root port forwards for web traffic.
  firewalld:
    rich_rule: "{{ item }}"
    zone: public
    permanent: true
    immediate: true
    state: enabled
  with_items:
    - "rule family=ipv4 forward-port port=80 protocol=tcp to-port=8080"
    - "rule family=ipv4 forward-port port=443 protocol=tcp to-port=4443"

  firewalld:
    rich_rule: "{{ item }}"
    zone: public
    permanent: true
    immediate: true
    state: enabled
  with_items:
    - "rule family=ipv4 forward-port port=80 protocol=tcp to-port=8080"
    - "rule family=ipv4 forward-port port=443 protocol=tcp to-port=4443"

- command:
    cmd: "firewall-cmd --reload"