iiab/roles/2-common/tasks/iptables.yml

- name: Disable firewalld service (OS's other than debuntu)
  service:
    name: firewalld
    enabled: no
  when: not is_debuntu

# Likely no longer nec as of 2019
- name: Use larger hammer -- systemctl disable firewalld -- 2 symbolic links involved (OS's other than debuntu)
  shell: systemctl disable firewalld.service
  when: not is_debuntu

- name: Mask firewalld service (OS's other than debuntu)
  shell: systemctl mask firewalld
  ignore_errors: yes
  when: not installing and not is_debuntu

- name: Stop firewalld service (OS's other than debuntu)
  service:
    name: firewalld
    state: stopped
  ignore_errors: yes
  when: not installing and not is_debuntu

- name: Remove /etc/systemd/system/iptables.service
  file:
    path: /etc/systemd/system/iptables.service
    state: absent

- name: Install package iptables-persistent (debuntu)
  package:
    name: iptables-persistent
    state: present
  when: is_debuntu | bool

- name: Install package iptables-services (OS's other than debuntu)
  package:
    name: iptables-services
    state: present
  when: not is_debuntu

- name: Install /etc/sysconfig/iptables-config from template
  template:
    src: iptables-config
    dest: /etc/sysconfig/iptables-config
    # owner: root
    # group: root
    # mode: '0644'

- name: Install /etc/network/if-pre-up.d/iptables from template (debuntu)
  template:
    src: iptables
    dest: /etc/network/if-pre-up.d/iptables
    mode: '0755'
  when: is_debuntu | bool