- name: Install firewalld
  zypper:
    name: firewalld
    state: present
  notify:
    - Restart firewalld

- name: Enable and start firewalld
  command: systemctl enable --now firewalld
  register: firewalld_enable
  changed_when: "'Created symlink' in firewalld_enable.stdout or 'enabled' in firewalld_enable.stdout"
  notify:
    - Restart firewalld

- name: Open specified firewall ports permanently
  loop: "{{ firewall_ports }}"
  command: firewall-cmd --permanent --add-port={{ item.port }}/{{ item.protocol }}
  register: firewalld_add_port
  changed_when: "'success' in firewalld_add_port.stdout"
  notify:
    - Restart firewalld

- name: Reload firewalld rules
  command: firewall-cmd --reload
  register: firewalld_reload
  changed_when: "'success' in firewalld_reload.stdout"
  notify:
    - Restart firewalld