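# Firewall tasks: merge the firewall configuration, install iptables, render
# the ruleset file, load it, and enable the distribution's iptables service.
# The block runs only when a firewall mapping is supplied (host or role level)
# or host_firewall is truthy.
- block:
    # Merge order: defaults, optional SSH rules, role config, collected
    # configs, then the `firewall` variable. Merging is recursive, lists are
    # appended, and later sources override earlier scalar values.
    # `| bool` is deliberate: a string such as "true" (from -e or an INI
    # inventory) compared with `== true` is false, which would silently drop
    # the SSH rules from the ruleset that is loaded below.
    - name: set firewall_cfg
      set_fact:
        firewall_cfg: >-
          {{ firewall_default_config | d({})
          | combine(firewall_ssh_config if (firewall_use_ssh | d(true) | bool) else {},
          recursive=true, list_merge='append')
          | combine(role_firewall_config | d({}), recursive=true, list_merge='append')
          | combine(firewall_collected_configs | d({}), recursive=true, list_merge='append')
          | combine(firewall | d({}), recursive=true, list_merge='append') }}

    # The list mixes a plain package name with per-distribution entries;
    # presumably tasks/install_packages.yml picks the entry matching the
    # target distribution - verify against that file.
    - name: install iptables
      include_tasks: tasks/install_packages.yml
      vars:
        package:
          - iptables
          - alpine: iptables-openrc
          - debian: iptables-persistent

    # Alpine only: point the init script at the file rendered below.
    # NOTE(review): the same conf.d file carries SAVE_ON_STOP; if that is left
    # enabled the init script may overwrite the templated file with the live
    # ruleset when the service stops - confirm the intended setting.
    - name: edit service config
      lineinfile:
        path: /etc/conf.d/iptables
        regexp: "^IPTABLES_SAVE="
        line: 'IPTABLES_SAVE="{{ iptables_file }}"'
      when: ansible_distribution == 'Alpine'

    # The ruleset describes the host's exposure, so it is written root-only
    # instead of inheriting whatever the umask gives.
    # NOTE(review): `validate: iptables-restore --test %s` would keep a
    # template that does not parse from replacing the persisted file; confirm
    # the binary and flag are available on every target before enabling it.
    - name: template iptables schema
      template:
        src: iptables.j2
        dest: "{{ iptables_file }}"
        owner: root
        group: root
        mode: "0600"
        force: true
        lstrip_blocks: true
      register: result

    # async with poll: 0 is the invocation iptables_state documents for its
    # rollback: if the controller cannot confirm the connection still works
    # within the timeout, the previous running ruleset is put back.
    # NOTE(review): the rollback covers the running ruleset only; the file
    # written by the previous task stays on disk, so a ruleset that was rolled
    # back would presumably still be loaded at the next service start - confirm.
    # NOTE(review): no ip_version is given, so only the module's default
    # (IPv4) table set is loaded here; IPv6 filtering must come from elsewhere.
    - name: load iptables
      community.general.iptables_state:
        path: "{{ iptables_file }}"
        state: restored
      async: "{{ ansible_timeout }}"
      poll: 0
      when: result is changed

    - name: start and enable iptables
      service:
        name: iptables
        enabled: true
        state: started
      when: ansible_distribution == 'Alpine'

    - name: start and enable netfilter-persistent
      service:
        name: netfilter-persistent
        enabled: true
        state: started
      when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'

  # `| bool` for the same reason as firewall_use_ssh: with `== true` a string
  # "true" would skip the whole block and leave the host without the managed
  # ruleset, with no error reported.
  when: >-
    firewall is mapping
    or role_firewall_config is mapping
    or (host_firewall | d(false) | bool)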