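---
# Ansible tasks: create the ferm drop-in directories and render this role's
# rule fragments into them. Every file written here is named after
# `ferm_rules_filename`, so several roles/plays can contribute rules to one
# host without overwriting each other.
#
# Rule attributes (mod, helper, saddr, daddr, proto, dport, sport, policy) are
# interpolated verbatim into ferm syntax; nothing here validates them, so the
# generated firewall is only as trustworthy as the inventory that defines
# `ferm_*_rules`.

# Drop-in directories for the rule fragments below. Presumably the main
# ferm.conf @includes them — confirm against the role's ferm.conf template.
- name: directories
  loop:
    - /etc/ferm/ferm.d
    - /etc/ferm/input.d
    - /etc/ferm/output.d
    - /etc/ferm/forward.d
  file:
    path: "{{ item }}"
    state: directory

# Free-form global ferm settings, written as-is. Skipped when
# `ferm_global_settings` is undefined or empty.
- name: global
  when: ferm_global_settings | d(false)
  notify: reload ferm
  copy:
    dest: "/etc/ferm/ferm.d/{{ ferm_rules_filename }}.conf"
    content: "{{ ferm_global_settings }}"

# One rule file per chain, rendered from the same template. A chain whose rule
# list is empty is skipped rather than written, so a fragment produced by an
# earlier run stays in place until removed by hand (or until the list is
# non-empty again) — keep this in mind when emptying a list in inventory.
#
# Template notes: saddr/daddr/proto/dport/sport are expected to be lists (they
# are joined with a space); policy defaults to ACCEPT. The trailing space before
# each `{% endif %}` is the token separator, so each rule is intended to render
# as a single `... ;` line (this relies on the templating engine trimming the
# newline after block tags — TODO confirm if the rendered file looks wrong).
- name: rules
  loop:
    - chain: input
      rules: "{{ ferm_input_rules }}"
    - chain: output
      rules: "{{ ferm_output_rules }}"
    - chain: forward
      rules: "{{ ferm_forward_rules }}"
  loop_control:
    label: "{{ item.chain }}"
  when: item.rules | length > 0
  notify: reload ferm
  copy:
    dest: "/etc/ferm/{{ item.chain }}.d/{{ ferm_rules_filename }}.conf"
    content: |
      {% for rule in item.rules %}
      {% if rule.mod is defined and rule.mod %}mod {{ rule.mod }} {% endif %}
      {% if rule.helper is defined and rule.helper %}helper {{ rule.helper }} {% endif %}
      {% if rule.saddr is defined and rule.saddr %}saddr @ipfilter(({{ rule.saddr | join(' ') }})) {% endif %}
      {% if rule.daddr is defined and rule.daddr %}daddr @ipfilter(({{ rule.daddr | join(' ') }})) {% endif %}
      {% if rule.proto is defined and rule.proto %}proto ({{ rule.proto | join(' ') }}) {% endif %}
      {% if rule.dport is defined and rule.dport %}dport ({{ rule.dport | join(' ') }}) {% endif %}
      {% if rule.sport is defined and rule.sport %}sport ({{ rule.sport | join(' ') }}) {% endif %}
      {% if rule.policy is defined and rule.policy %}{{ rule.policy | upper }}{% else %}ACCEPT{% endif %};
      {% endfor %}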