From 0e8dd65fc573892fb074e44fdf0c2f569b75d628 Mon Sep 17 00:00:00 2001
From: Michal Konecny
Date: Thu, 17 Jul 2025 18:26:21 +0200
Subject: [PATCH] [base] Remove tasks to disable iptables/nftables

It doesn't make sense to disable something that isn't installed. Let's instead make sure that the package is not installed.
---
 roles/base/tasks/main.yml | 34 ++++++++++++++--------------------
 1 file changed, 14 insertions(+), 20 deletions(-)

diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index 7dd4aeabfe..e270c716b7 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -143,6 +143,13 @@
 - base
 when: not nftables

+- name: Ensure nftables is not installed
+ ansible.builtin.package: state=absent name=nftables
+ tags:
+ - packages
+ - base
+ when: not nftables
+
 - name: Ensure nftables is installed
 ansible.builtin.package: state=present name=nftables
 tags:
@@ -150,6 +157,13 @@
 - base
 when: nftables

+- name: Ensure iptables is not installed
+ ansible.builtin.package: state=absent name=iptables
+ tags:
+ - packages
+ - base
+ when: nftables
+
 - name: Ensure ipset is installed
 ansible.builtin.package: state=present name=ipset
 tags:
@@ -251,16 +265,6 @@
 - baseiptables|bool
 - not nftables

-- name: Iptables service disabled
- service: name=iptables state=stopped enabled=false
- tags:
- - iptables
- - service
- - base
- when:
- - baseiptables|bool
- - nftables
-
 - name: Nftables service enabled
 service: name=nftables state=started enabled=true
 tags:
@@ -271,16 +275,6 @@
 - baseiptables|bool
 - nftables

-- name: Nftables service disabled
- service: name=nftables state=started enabled=false
- tags:
- - iptables
- - service
- - base
- when:
- - baseiptables|bool
- - not nftables
-
 - name: Ip6tables
 ansible.builtin.template: src={{ item }} dest=/etc/sysconfig/ip6tables mode=0600 backup=yes
 with_first_found:
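Review bot: The new "Ensure nftables is not installed" task tests the raw variable with `when: not nftables`, while the service tasks further down cast their flag with `baseiptables|bool`. If `nftables` ever reaches the play as a string (for example from an INI inventory or an extra-var), the non-empty string is evaluated instead of its meaning, and the wrong branch would now uninstall a firewall package rather than merely skip an install. I would write `when: not nftables | bool` here and `when: nftables | bool` on the iptables removal in the next hunk. Where `nftables` is defined is not visible in this patch, so if it is guaranteed to be a real boolean, a short comment saying so would do instead.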
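Review bot: The "Ensure iptables is not installed" task is gated only on `when: nftables`, whereas the service tasks this commit deletes also required `baseiptables|bool`. A host that sets `baseiptables` to false was previously left untouched by the disable step and would now have the package removed; the nftables removal in the previous hunk has the same shape. If that opt-out is meant to be honoured, add `- baseiptables|bool` to the `when` list of both removal tasks; if not, a comment stating that removal is unconditional would help. It is also worth a `--check` run on a representative host, since the package manager may remove packages that depend on iptables, and whether the loaded ruleset is cleared on uninstall depends on package scriptlets that are not visible here.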