- name: "Allow service {{ service.name }}"
  win_firewall_rule:
    name: "Allow incoming {{ service.name }} for {{ remoteip }}"
    group: "{{ service.name }}"
    action: allow
    enabled: true
    direction: in
    protocol: "{{ service.protocol.value }}"
    localport: "{{ service.ports | join(',') }}"
    remoteip: "{{ remoteip }}"
  loop: "{{ service | allowed_prefixes | default(['any'], true) }}"
  loop_control:
    label: "{{ remoteip }}"
    loop_var: remoteip