roles/common: Start nftables service later
We should only try to start the nftables service after we finish copying all the config files just in case there is some unclean state in one of them. On a first run this shouldn't matter, but after nftables and some abuse list update scripts have run this can happen (mostly in testing!).
@ -29,10 +29,6 @@
|
||||
when: ansible_distribution_version is version('16.04', '>=')
|
||||
apt: pkg=ufw state=absent
|
||||
|
||||
- name: Start and enable nftables
|
||||
when: ansible_distribution_version is version('20.04', '>=')
|
||||
systemd: name=nftables state=started enabled=yes
|
||||
|
||||
- name: Copy nftables.conf
|
||||
when: ansible_distribution_version is version('20.04', '>=')
|
||||
template: src=nftables.conf.j2 dest=/etc/nftables.conf owner=root mode=0644
|
||||
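Review bot: With the start task removed from between the `apt: pkg=ufw state=absent` task and "Copy nftables.conf", a first run on 20.04 has ufw already removed and nftables not yet started until the task near line 112. If any task in between fails, the play stops with no packet filter loaded. Consider a comment above "Copy nftables.conf" stating that the service is deliberately started at the end of the firewall tasks, and check that nothing between the two points can abort the play on a fresh host.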
@ -116,6 +112,10 @@
|
||||
when: ansible_distribution_version is version('20.04', '>=')
|
||||
systemd: name=update-spamhaus-nftables.timer state=started enabled=yes
|
||||
|
||||
- name: Start and enable nftables
|
||||
when: ansible_distribution_version is version('20.04', '>=')
|
||||
systemd: name=nftables state=started enabled=yes
|
||||
|
||||
- include_tasks: fail2ban.yml
|
||||
when: ansible_distribution_version is version('16.04', '>=')
|
||||
tags: firewall
|
||||
|
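Review bot: `systemd: name=nftables state=started enabled=yes` in the relocated task does nothing when the service is already active, so on the re-runs the commit message is concerned about, a changed `/etc/nftables.conf` is copied but not loaded unless the copy tasks notify a reload or restart handler (none is visible in these hunks). To catch the unclean state itself, the template task could also use the module's `validate` option with `nft -c -f %s`, so a broken file fails before it replaces the live one. Separately, `update-spamhaus-nftables.timer` is now started before nftables; confirm the timer's script tolerates running before the ruleset is loaded on a first run.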