iiab/roles/2-common/tasks/iptables.yml

- name: Disable firewalld service (OS's other than debuntu)
  service:
    name: firewalld
    enabled: no
  when: not is_debuntu

- name: Use larger hammer to disable firewalld -- 2 symbolic links involved (OS's other than debuntu)
  shell: "systemctl disable firewalld.service"
  when: not is_debuntu

- name: Mask firewalld service (OS's other than debuntu)
  shell: 'systemctl mask firewalld'
  ignore_errors: yes
  when: not installing and not is_debuntu

- name: Stop firewalld service (OS's other than debuntu)
  service:
    name: firewalld
    state: stopped
  ignore_errors: yes
  when: not installing and not is_debuntu

- name: Remove iptables.service file from /etc
  file:
    path: /etc/systemd/system/iptables.service
    state: absent

- name: Remove iptables-xs.service file from /etc
  file:
    path: /etc/systemd/system/iptables-xs.service
    state: absent

- name: Install iptables service package (debuntu)
  package:
    name: iptables-persistent
    state: present
  when: is_debuntu
  tags:
    - download

- name: Install iptables service package (OS's other than debuntu)
  package:
    name: iptables-services
    state: present
  when: not is_debuntu
  tags:
    - download

- name: Install iptables services
  template:
    src: "{{ item.0 }}"
    dest: "{{ item.1 }}"
    owner: root
    group: root
    mode: "{{ item.2 }}"
  with_items:
   - { 0: 'iptables-config', 1: '/etc/sysconfig/iptables-config', 2: '0644' }

- name: Install Debian config (debuntu)
  template:
    src: iptables
    dest: /etc/network/if-pre-up.d/iptables
    mode: 0755
  when: is_debuntu