- name: Start and enable firewalld
  service:
    name: firewalld
    state: started
    enabled: true
  tags: firewall

- name: Open port 80 for HTTP
  ansible.builtin.firewalld:
    port: 80/tcp
    permanent: true
    state: enabled
    immediate: yes
  tags: firewall

- name: Open port 443 for HTTPS
  ansible.builtin.firewalld:
    port: 443/tcp
    permanent: true
    state: enabled
    immediate: yes
  tags: firewall

- name: Reload firewalld to apply changes
  ansible.builtin.service:
    name: firewalld
    state: reloaded
  tags: firewall