---
- name: Enable and start firewalld
  ansible.builtin.systemd:
    name: firewalld
    enabled: yes
    state: started

- name: Assign interface ens18 to core zone
  ansible.posix.firewalld:
    interface: ens18
    zone: core
    state: enabled
    permanent: true

- name: Assign interface ens19 to mgmt zone
  ansible.posix.firewalld:
    interface: ens19
    zone: mgmt
    state: enabled
    permanent: true

- name: Assign interface ens20 to dmz zone
  ansible.posix.firewalld:
    interface: ens20
    zone: dmz
    state: enabled
    permanent: true

- name: Set core to default
  ansible.builtin.command: firewall-cmd --set-default-zone=core 

# - name: Remove ens18 from public
#   ansible.builtin.command: firewall-cmd --zone=public --remove-interface=ens18 
  
# - name: Assign interface ens18 to "internal" zone
#   ansible.posix.firewalld:
#     interface: ens18
#     zone: internal
#     state: enabled
#     permanent: true

- name: Reload firewalld to apply changes
  ansible.builtin.command: firewall-cmd --reload