Cleaner network/templates/gateway/iiab-gen-iptables & 2-common prep

roles/2-common/tasks/network.yml

@@ -15,15 +15,17 @@
     name:
       - hostapd                # IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator -- has its service masked out of the box, and only used when IIAB's network roles detects the presence of WiFi and an AP is desired
       - iproute2               # 2021-07-27: RaspiOS installs this regardless -- the new networking and traffic control tools, meant to replace net-tools
-      - iptables-persistent    # Boot-time loader for netfilter rules, iptables (firewall) plugin -- however 'netfilter' is ever moving forward so keep an eye on it!
+      - iptables-persistent    # Boot-time loader for netfilter rules, iptables (firewall) plugin -- however Netfilter / nftables is ever moving forward so keep an eye on it!
       - netmask                # Handy utility -- helps determine network masks
     state: present
 
-- name: Install /etc/network/if-pre-up.d/iptables from template (0755, debuntu)
-  template:
-    src: iptables
-    dest: /etc/network/if-pre-up.d/iptables
-    mode: '0755'
+# 2021-08-17: Debian ignores this, according to 2013 post:
+# https://serverfault.com/questions/511099/debian-ignores-etc-network-if-pre-up-d-iptables
+# - name: Install /etc/network/if-pre-up.d/iptables from template (0755)
+#   template:
+#     src: iptables
+#     dest: /etc/network/if-pre-up.d/iptables
+#     mode: '0755'
 
 # Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes:
 - name: "Use 'sysctl' to set 'kernel.core_uses_pid: 1' + 4 network settings in /etc/sysctl.conf -- e.g. disabling IPv6 (this might be overkill, as IPv6 should really only be disabled on the LAN side, i.e. br0)"