mirror of
https://pagure.io/fedora-infra/ansible.git
synced 2026-04-29 04:51:16 +08:00
[base] Remove tasks to disable iptables/nftables
It doesn't make sense to disable something that isn't installed. Let's instead make sure that the package is not installed.
This commit is contained in:
Michal Konecny
@@ -143,6 +143,13 @@
|
||||
- base
|
||||
when: not nftables
|
||||
|
||||
- name: Ensure nftables is not installed
|
||||
ansible.builtin.package: state=absent name=nftables
|
||||
tags:
|
||||
- packages
|
||||
- base
|
||||
when: not nftables
|
||||
|
||||
- name: Ensure nftables is installed
|
||||
ansible.builtin.package: state=present name=nftables
|
||||
tags:
|
||||
@@ -150,6 +157,13 @@
|
||||
- base
|
||||
when: nftables
|
||||
|
||||
- name: Ensure iptables is not installed
|
||||
ansible.builtin.package: state=absent name=iptables
|
||||
tags:
|
||||
- packages
|
||||
- base
|
||||
when: nftables
|
||||
|
||||
- name: Ensure ipset is installed
|
||||
ansible.builtin.package: state=present name=ipset
|
||||
tags:
|
||||
@@ -251,16 +265,6 @@
|
||||
- baseiptables|bool
|
||||
- not nftables
|
||||
|
||||
- name: Iptables service disabled
|
||||
service: name=iptables state=stopped enabled=false
|
||||
tags:
|
||||
- iptables
|
||||
- service
|
||||
- base
|
||||
when:
|
||||
- baseiptables|bool
|
||||
- nftables
|
||||
|
||||
- name: Nftables service enabled
|
||||
service: name=nftables state=started enabled=true
|
||||
tags:
|
||||
@@ -271,16 +275,6 @@
|
||||
- baseiptables|bool
|
||||
- nftables
|
||||
|
||||
- name: Nftables service disabled
|
||||
service: name=nftables state=started enabled=false
|
||||
tags:
|
||||
- iptables
|
||||
- service
|
||||
- base
|
||||
when:
|
||||
- baseiptables|bool
|
||||
- not nftables
|
||||
|
||||
- name: Ip6tables
|
||||
ansible.builtin.template: src={{ item }} dest=/etc/sysconfig/ip6tables mode=0600 backup=yes
|
||||
with_first_found:
|
||||
|
||||
Reference in New Issue
Block a user