---
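# Install the firewall tooling. The package list is passed to the module
# directly instead of looping, so the package manager resolves and installs
# both packages in a single transaction rather than one run per item.
- name: install iptables packages
  package:
    name:
      - iptables
      - iptables-persistent
    state: present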

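# Render the modules-load.d drop-in so the conntrack module is loaded at boot.
# Ownership and mode are set explicitly: without them the file inherits
# whatever the umask of the Ansible run produces, and a boot-time module list
# must only be writable by root.
- name: configure nf_conntrack module to load on system boot
  template:
    src: nf_conntrack.module.conf.j2
    dest: /etc/modules-load.d/nf_conntrack.conf
    owner: root
    group: root
    mode: "0644"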

# Load the connection-tracking modules into the running kernel now, so the
# tasks that follow do not have to wait for a reboot.
# NOTE(review): nf_conntrack_ipv4 was merged into nf_conntrack in Linux 4.19;
# on newer kernels the second item is expected to fail. Confirm which kernels
# this role targets.
- name: load netfilter modules
  loop: [nf_conntrack, nf_conntrack_ipv4]
  modprobe:
    state: present
    name: "{{ item }}"

# Apply each kernel parameter listed in sysctl_settings_netfilter.
# The variable is defined outside this file; every element must provide a
# `name` and a `value` key, which are passed to the sysctl module unchanged.
# NOTE(review): presumably these are net.netfilter.* keys, which only exist
# once nf_conntrack is loaded, so this task has to stay after the modprobe
# task. Verify against the variable's definition.
- name: set netfilter sysctl settings
  loop: "{{ sysctl_settings_netfilter }}"
  sysctl:
    state: present
    name: "{{ item.name }}"
    value: "{{ item.value }}"

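# Render the persistent IPv4 ruleset and trigger the iptables-restore handler
# (defined outside this file) when the rendered content changes.
- name: write iptables configuration
  template:
    src: rules.v4.j2
    dest: /etc/iptables/rules.v4
    # Root-owned and not world-readable: the ruleset shows which services and
    # source addresses the host accepts.
    owner: root
    group: root
    mode: "0640"
    # Parse the rendered file without committing it. A template error then
    # fails this task and the previous rules.v4 stays in place, instead of a
    # broken ruleset being written for the next restore or reboot.
    validate: iptables-restore --test %s
  notify: iptables-restore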

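# Render the persistent IPv6 ruleset and trigger the ip6tables-restore handler
# (defined outside this file) when the rendered content changes.
- name: write ip6tables configuration
  template:
    src: rules.v6.j2
    dest: /etc/iptables/rules.v6
    # Root-owned and not world-readable: the ruleset shows which services and
    # source addresses the host accepts.
    owner: root
    group: root
    mode: "0640"
    # Parse the rendered file without committing it. A template error then
    # fails this task and the previous rules.v6 stays in place, instead of a
    # broken ruleset being written for the next restore or reboot.
    validate: ip6tables-restore --test %s
  notify: ip6tables-restore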