---
- name: install iptables packages
  package:
    name: "{{ item }}"
    state: present
  with_items:
    - iptables
    - iptables-persistent

- name: load netfilter modules
  modprobe:
    name: "{{ item }}"
    state: present
  with_items:
    - nf_conntrack
    - nf_conntrack_ipv4

- name: set netfilter sysctl settings
  sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    state: present
  with_items: "{{ sysctl_settings_netfilter }}"

- name: write iptables configuration
  template:
    src: rules.v4.j2
    dest: /etc/iptables/rules.v4
  notify: iptables-restore

- name: write ip6tables configuration
  template:
    src: rules.v6.j2
    dest: /etc/iptables/rules.v6
  notify: ip6tables-restore