Manage the postgresql firewalld rule directly in the postgresql role.

library/roles/postgresql/defaults/main.yml

@@ -229,3 +229,4 @@ pg_backup_use_auth: "no"
 pg_backup_pass_file: /root/.pgpass
 pg_backup_use_nagios: "yes"
 
+postgresql_firewalld_zone: '{{ firewalld_default_zone }}'

library/roles/postgresql/tasks/configure-access.yml

@@ -1,4 +1,10 @@
 ---
+- name: Open the postgresql service to a specific zone.
+  firewalld: service=postgresql zone={{ postgresql_firewalld_zone }} permanent=True state=enabled immediate=True
+  when:
+    - psql_listen_on_ext_int | bool
+    - firewalld_enabled | bool
+
 - name: Give access to the remote postgresql client
   lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5"
   with_subelements: