roles/common: Use iptables backend for firewalld on Debian

For some reason the nftables set support in firewalld doesn't seem
to be working. I see that sets (aka ipsets in nftables lingo) are
created, but they are empty. For now I will just leave these tasks
as they are to revert the behavior on current hosts (should make no
change on new installs, as the regexp won't match).
Alan Orth 2019-10-26 19:34:25 +02:00
parent 919fbbbcd9
commit 2631f76c6d
Signed by: alanorth
GPG Key ID: 0FB860CC9C45B1B9


@ -13,12 +13,12 @@
when: ansible_distribution_major_version is version_compare('9', '>=')
apt: pkg={{ debian_firewall_packages }} state=present
- name: Use nftables backend in firewalld
- name: Use iptables backend in firewalld
when: ansible_distribution_major_version is version_compare('10', '>=')
lineinfile:
dest: /etc/firewalld/firewalld.conf
regexp: '^FirewallBackend=iptables$'
line: 'FirewallBackend=nftables'
regexp: '^FirewallBackend=nftables$'
line: 'FirewallBackend=iptables'
notify:
- restart firewalld
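Review bot: The new regexp '^FirewallBackend=nftables$' is anchored on the old value, and a non-matching regexp does not make a lineinfile task a no-op: without backrefs: yes the module still ensures the line is present and adds it at the end of the file if needed. Matching on the key alone, regexp: '^FirewallBackend=', would replace whatever value is set and stay idempotent on both existing and new hosts. If the intent is to touch only hosts that were previously switched to nftables, add backrefs: yes so that a non-match leaves /etc/firewalld/firewalld.conf unchanged.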
@ -29,8 +29,8 @@
when: ansible_distribution_major_version is version_compare('10', '>=')
lineinfile:
dest: /etc/firewalld/firewalld.conf
regexp: '^IndividualCalls=no$'
line: 'IndividualCalls=yes'
regexp: '^IndividualCalls=yes$'
line: 'IndividualCalls=no'
notify:
- restart firewalld
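Review bot: The visible lines of the task around regexp: '^IndividualCalls=yes$' carry no comment saying that it is a temporary revert paired with the FirewallBackend change, so a later reader cannot tell when it is safe to delete. A YAML comment above the task, stating that it only undoes the earlier IndividualCalls=yes setting on existing hosts and can be dropped once those hosts have converged, would record what the commit message says. Both tasks also share the same when condition and notify handler, so they could be a single lineinfile task looping over the two key/value pairs.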