From cd52402539ecb30f94717758f4c0772d5a812337 Mon Sep 17 00:00:00 2001
From: Pavel Zinchuk
Date: Tue, 5 May 2020 09:43:34 +0300
Subject: [PATCH 1/2] Allow to configure the same service for different zones

---
 tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tasks/main.yml b/tasks/main.yml
index 5b00424..282062b 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -63,7 +63,7 @@
 
 - name: set firewalld service rules
   firewalld:
-    service: "{{ item.key }}"
+    service: "{{ item.value.service | default(item.key) }}"
     permanent: "{{ item.value.permanent|default('true') }}"
     immediate: "{{ item.value.immediate|default('true') }}"
     state: "{{ item.value.state|default('enabled') }}"

From fa4ae80b1f0756d0af7c012b05e4fb0be45caef3 Mon Sep 17 00:00:00 2001
From: Pavel Zinchuk
Date: Wed, 3 Jun 2020 13:51:28 +0300
Subject: [PATCH 2/2] Add posibility to assign more than one interface to zones

---
 README.md      | 24 +++++++++++++++---------
 tasks/main.yml | 10 ++++++----
 2 files changed, 21 insertions(+), 13 deletions(-)

diff --git a/README.md b/README.md
index 4fa4654..8bc8282 100644
--- a/README.md
+++ b/README.md
@@ -31,15 +31,6 @@ The following variable is used to define the default zone of firewalld:
 
 ---
 
-The following variables are used to define the interface of a zone (multiple interfaces per zone possible, one interface per line):
-
-```
-    firewalld_zone_interface:
-      public: (required, e.g. eth0)
-```
-
----
-
 The following variables are used to define the source of a zone:
 
 ```
@@ -89,6 +80,21 @@ The following variables are used to define a port rule:
 
 ---
 
+The following variables are used to define which interfaces assigned to zones:
+
+```
+    firewalld_zone_interfaces:
+      - name: trusted
+        interfaces:
+          - eth1
+          - eth2
+      - name: public
+        interfaces:
+          - eth0
+```
+
+---
+
 The following variables are used to define a rich rule:
 
 ```
diff --git a/tasks/main.yml b/tasks/main.yml
index 282062b..7096810 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
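Review bot: The new `service` sub-key is undocumented: this patch's diffstat touches only tasks/main.yml, so README.md still presents the dictionary key as the firewalld service name and gives no hint that `service:` now overrides it. Add a README line such as `service: (optional, firewalld service name; defaults to the dictionary key, so the same service can be listed under several keys for different zones)`. The task's zone parameter is outside the hunk, so whether it already reads a per-item zone cannot be confirmed here. For consistency with the three neighbouring lines, drop the spaces around the pipe: `service: "{{ item.value.service|default(item.key) }}"`. The enclosing task continues past the hunk's last line.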
@@ -20,13 +20,15 @@
   changed_when: result.stdout == "success"
   tags: firewalld
 
-- name: set firewalld zone interface
+- name: set firewalld zone interfaces
   shell: |
-    if [[ "$(/bin/firewall-cmd --get-zone-of-interface={{ item.value }})" != "{{ item.key }}" ]]
+    if [[ "$(/bin/firewall-cmd --get-zone-of-interface={{ item.1 }})" != "{{ item.0.name }}" ]]
     then
-      /bin/firewall-cmd --zone={{ item.key }} --add-interface={{ item.value }} --permanent && echo "changed"
+      /bin/firewall-cmd --zone={{ item.0.name }} --add-interface={{ item.1 }} --permanent && echo "changed"
     fi
-  with_dict: "{{ firewalld_zone_interface|default({}) }}"
+  with_subelements:
+    - "{{ firewalld_zone_interfaces|default([]) }}"
+    - interfaces
   register: shell_result
   changed_when: shell_result.stdout | join('') is search('changed')
   notify: restart firewalld
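Review bot: The rewritten `if` and `--add-interface` lines still splice `{{ item.1 }}` and `{{ item.0.name }}` into the shell command unquoted, so an interface or zone name containing shell metacharacters is interpreted by the shell instead of being passed as an argument; apply Ansible's `quote` filter, e.g. `--get-zone-of-interface={{ item.1 | quote }}` and `--zone={{ item.0.name | quote }} --add-interface={{ item.1 | quote }}`. The same values were unquoted before this change, so this is carried forward rather than introduced, but these lines are the ones being rewritten. Since the loop now yields a plain zone name and interface per iteration, the `firewalld` module's `interface` parameter would avoid the shell altogether and keep this task in line with the module-based service-rule task from the first patch. The `with_subelements` change itself looks correct: `interfaces` is the subelement key and `default([])` keeps the loop empty when the variable is unset.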