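---
# Firewall setup for a host with two interfaces: installs firewalld, binds
# enp0s3 to the "external" zone and enp0s8 to the "internal" zone, opens
# services and ports per zone, and forwards 3389/tcp to 192.168.99.6.
#
# NOTE(review): tasks that set only `permanent: true` write the saved
# configuration and are not applied to the running firewall until firewalld
# reloads. Tasks that also set `immediate: true` take effect straight away.

- name: Installation de firewalld
  ansible.builtin.apt:
    name:
      - firewalld
    state: present

- name: affectation de l'interface enp0s3 a la zone external
  ansible.posix.firewalld:
    zone: external
    interface: enp0s3
    permanent: true
    state: enabled

- name: affectation de l'interface enp0s8 a la zone internal
  ansible.posix.firewalld:
    zone: internal
    interface: enp0s8
    permanent: true
    state: enabled

- name: FirewallD rules pour la zone internal
  ansible.posix.firewalld:
    zone: internal
    service: "{{ item }}"
    permanent: true
    immediate: true
    state: enabled
  loop:
    - http
    - https
    - dns
    - ssh
    - rdp

# ssh and rdp become reachable from the external zone. Both are remote-access
# services, so confirm this exposure is intended and consider limiting it to
# known source addresses (for example with a rich rule).
- name: FirewallD rules pour la zone external
  ansible.posix.firewalld:
    zone: external
    service: "{{ item }}"
    permanent: true
    immediate: true
    state: enabled
  loop:
    - ssh
    - rdp

# Earlier per-service tasks, kept commented out; the internal-zone loop above
# covers the same services.
# - ansible.posix.firewalld:
#     zone: internal
#     service: http
#     permanent: true
#     state: enabled
# - ansible.posix.firewalld:
#     zone: internal
#     service: dns
#     permanent: true
#     state: enabled
# - ansible.posix.firewalld:
#     zone: internal
#     service: ssh
#     permanent: true
#     state: enabled
# - ansible.posix.firewalld:
#     zone: internal
#     service: rdp
#     permanent: true
#     state: enabled

- name: ouverture du port 8080/tcp dans la zone internal
  ansible.posix.firewalld:
    zone: internal
    port: 8080/tcp
    permanent: true
    state: enabled

# NOTE(review): presumably overlaps with the `rdp` service already enabled on
# the external zone above; verify and keep only one of the two.
- name: ouverture du port 3389/tcp dans la zone external
  ansible.posix.firewalld:
    zone: external
    port: 3389/tcp
    permanent: true
    state: enabled

# `permanent: true` is set so the forward is saved like every other rule in
# this file; with `immediate` alone it exists only in the runtime
# configuration and disappears on the next firewalld reload or reboot.
#
# NOTE(review): no `zone:` is given, so the rule lands in firewalld's default
# zone, while enp0s3 and enp0s8 are bound to external/internal above. Confirm
# which zone should carry this forward and set `zone:` explicitly.
#
# NOTE(review): this publishes RDP on 192.168.99.6 through the firewall.
# Confirm the target host is hardened, and prefer restricting the forward to
# known source addresses or reaching RDP over a VPN.
- name: redirection du port 3389/tcp vers 192.168.99.6
  ansible.posix.firewalld:
    port_forward:
      - port: 3389
        proto: tcp
        toaddr: "192.168.99.6"
        toport: 3389
    permanent: true
    immediate: true
    state: enabled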