[base] Remove tasks to disable iptables/nftables

It doesn't make sense to disable something that isn't installed. Let's instead make sure that the package is not installed.
2026-06-27 23:57:02 +08:00 · 2025-07-17 18:26:21 +02:00
parent 7f877e95ee
commit 0e8dd65fc5
1 changed files with 14 additions and 20 deletions
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -143,6 +143,13 @@
  - base
  when: not nftables
 - name: Ensure nftables is not installed
  ansible.builtin.package: state=absent name=nftables
  tags:
  - packages
  - base
  when: not nftables
 - name: Ensure nftables is installed
  ansible.builtin.package: state=present name=nftables
  tags:
@@ -150,6 +157,13 @@
  - base
  when: nftables
 - name: Ensure iptables is not installed
  ansible.builtin.package: state=absent name=iptables
  tags:
  - packages
  - base
  when: nftables
 - name: Ensure ipset is installed
  ansible.builtin.package: state=present name=ipset
  tags:
@@ -251,16 +265,6 @@
  - baseiptables|bool
  - not nftables
 - name: Iptables service disabled
  service: name=iptables state=stopped enabled=false
  tags:
  - iptables
  - service
  - base
  when:
  - baseiptables|bool
  - nftables
 - name: Nftables service enabled
  service: name=nftables state=started enabled=true
  tags:
@@ -271,16 +275,6 @@
  - baseiptables|bool
  - nftables
 - name: Nftables service disabled
  service: name=nftables state=started enabled=false
  tags:
  - iptables
  - service
  - base
  when:
  - baseiptables|bool
  - not nftables
 - name: Ip6tables
  ansible.builtin.template: src={{ item }} dest=/etc/sysconfig/ip6tables mode=0600 backup=yes
  with_first_found: