ansible-on-prem/roles/provision/alma/firewall/tasks/main.yml

---
- name: Enable and start firewalld
  ansible.builtin.systemd:
    name: firewalld
    enabled: yes
    state: started

- name: Set internal to default
  ansible.builtin.command: firewall-cmd --set-default-zone=internal

- name: Remove ens18 from public
  ansible.builtin.command: firewall-cmd --zone=public --remove-interface=ens18 --permanent
  
- name: Assign interface ens18 to "internal" zone
  ansible.posix.firewalld:
    interface: ens18
    zone: internal
    state: enabled
    permanent: true

- name: Reload firewalld to apply changes
  ansible.builtin.command: firewall-cmd --reload