---
#firewall_base/tasks/main.yml
- name: Install required base packages
  become: true
  dnf:
    name:
      - firewalld
    state: present

- name: Enable firewalld
  become: true
  systemd:
    name: firewalld
    enabled: true
    state: started

- name: Open required firewall rules
  become: true
  ansible.posix.firewalld:
    port: "{{ item.port | default(omit) }}"
    service: "{{ item.service | default(omit) }}"
    permanent: true
    state: enabled
    immediate: true
  loop: "{{ base_firewall_rules }}"