roles/common: Separate firewalld tasks for Ubuntu and Debian

Signed-off-by: Alan Orth <alan.orth@gmail.com>

roles/common/tasks/iptables_Debian.yml

@@ -1,33 +1,17 @@
 ---
-- name: Install iptables-persistent
-  when: ansible_distribution_version == '14.04'
-  apt: pkg=iptables-persistent update_cache=yes
-
-- name: Copy /etc/iptables/rules.v4
-  when: ansible_distribution_version == '14.04'
-  template: src=iptables.j2 dest=/etc/iptables/rules.v4 owner=root mode=0600
-  notify:
-    - restart iptables-persistent
-
-- name: Copy /etc/iptables/rules.v6
-  when: ansible_distribution_version == '14.04'
-  template: src=ip6tables.j2 dest=/etc/iptables/rules.v6 owner=root group=root mode=0600
-  notify:
-    - restart iptables-persistent
-
 - name: Install firewalld and deps
-  when: ansible_distribution_version == '15.04'
+  when: ansible_distribution_major_version == '8'
   apt: pkg={{ item }} state=latest
   with_items:
     - firewalld
     - tidy
 
 - name: Copy firewalld public zone file
-  when: ansible_distribution_version == '15.04'
+  when: ansible_distribution_major_version == '8'
   template: src=public.xml.j2 dest=/etc/firewalld/zones/public.xml owner=root mode=0600
 
 - name: Format public.xml firewalld zone file
-  when: ansible_distribution_version == '15.04'
+  when: ansible_distribution_major_version == '8'
   shell: tidy -xml -iq -m -w 0 /etc/firewalld/zones/public.xml
   notify:
     - restart firewalld

roles/common/tasks/iptables_Ubuntu.yml

@@ -0,0 +1,33 @@
+---
+- name: Install iptables-persistent
+  when: ansible_distribution_version == '14.04'
+  apt: pkg=iptables-persistent update_cache=yes
+
+- name: Copy /etc/iptables/rules.v4
+  when: ansible_distribution_version == '14.04'
+  template: src=iptables.j2 dest=/etc/iptables/rules.v4 owner=root mode=0600
+  notify:
+    - restart iptables-persistent
+
+- name: Copy /etc/iptables/rules.v6
+  when: ansible_distribution_version == '14.04'
+  template: src=ip6tables.j2 dest=/etc/iptables/rules.v6 owner=root group=root mode=0600
+  notify:
+    - restart iptables-persistent
+
+- name: Install firewalld and deps
+  when: ansible_distribution_version == '15.04'
+  apt: pkg={{ item }} state=latest
+  with_items:
+    - firewalld
+    - tidy
+
+- name: Copy firewalld public zone file
+  when: ansible_distribution_version == '15.04'
+  template: src=public.xml.j2 dest=/etc/firewalld/zones/public.xml owner=root mode=0600
+
+- name: Format public.xml firewalld zone file
+  when: ansible_distribution_version == '15.04'
+  shell: tidy -xml -iq -m -w 0 /etc/firewalld/zones/public.xml
+  notify:
+    - restart firewalld

roles/common/tasks/main.yml

@@ -16,8 +16,12 @@
   when: ansible_distribution == 'Debian'
   tags: packages
 
+- include: iptables_Ubuntu.yml
+  when: ansible_distribution == 'Ubuntu'
+  tags: firewall
+
 - include: iptables_Debian.yml
-  when: ansible_os_family == 'Debian'
+  when: ansible_distribution == 'Debian'
   tags: firewall
 
 - include: sshd.yml