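# Firewalld zone definitions, rendered by Jinja from pillar['network'].
#
# With the prune_* flags set to True, firewalld.present removes every port,
# service or interface that the state does not list. A zone therefore needs
# exactly one pruning state that lists everything it should contain.

# External zone: masquerading is enabled and ssh is the only service allowed.
# No ports are listed, so prune_ports clears any port opened by hand.
Configure firewalld for external interface:
  firewalld.present:
    - name: external
    - masquerade: True
    - prune_ports: True
    - prune_services: True
    - prune_interfaces: True
    - interfaces:
      - {{ pillar['network']['interface']['external'] }}
    - services:
      - ssh

# Internal zone: this state is the single owner of the zone's contents.
# It binds the internal interface and every VLAN interface. Previously a
# second pruning state on the same zone listed only the VLAN interfaces, so
# each run unbound the internal interface (and an empty VLAN list unbound
# everything). An interface bound to no zone is handled by firewalld's
# default zone, which this file does not manage.
Configure firewalld for internal network:
  firewalld.present:
    - name: internal
    - prune_ports: True
    - prune_services: True
    - prune_interfaces: True
    - interfaces:
      - {{ pillar['network']['interface']['internal'] }}
      {% for vlan in pillar['network']['vlan'] -%}
      - vlan.{{ vlan['id'] }}
      {% endfor %}
    - services:
      - ssh
      - dhcp
      - tftp
      - http
      - https
      - dns
      - ntp

# Kept under its original ID so requisites that reference it still resolve.
# All prune_* flags are False here: the state only adds to the internal zone
# and can no longer remove what the state above configured. Because that
# state already lists the VLAN interfaces and these services, this one is
# normally a no-op.
Configure firewalld for vlan networks:
  firewalld.present:
    - name: internal
    - prune_ports: False
    - prune_services: False
    - prune_interfaces: False
    - interfaces:
      {% for vlan in pillar['network']['vlan'] -%}
      - vlan.{{ vlan['id'] }}
      {% endfor %}
    - services:
      - ssh
      - dhcp
      - tftp
      - http
      - https
      - dns
      - ntp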