---
# This role deploys firewall rulesets to Ubuntu hosts

- name: Make sure iptables and netfilter-persistent are installed
  apt:
    name: "{{ packages }}"
    state: latest
  vars:
    packages:
    - iptables-persistent
    - netfilter-persistent

- name: Copy IPv4 ruleset
  copy:
    src: {{ ansible_fqdn }}.rules.v4
    dest: /etc/iptables/rules.v4
    backup: yes

- name: Copy IPv6 ruleset
  copy:
    src: {{ ansible_fqdn }}.rules.v6
    dest: /etc/iptables/rules.v6
    backup: yes

- name: Restart netfilter-persistent service to load rulesets
  service:
    name: netfilter-persistent
    state: restarted
    enabled: yes