roles/common: Use nftables firewalld backend on Debian 10

nftables is the iptables replacement. There is support for nftables
in firewalld since v0.6.0.

See: https://firewalld.org/2018/07/nftables-backend

roles/common/tasks/firewall_Debian.yml

@@ -8,6 +8,15 @@
       - firewalld
       - tidy
 
+  - name: Use nftables backend in firewalld
+    when: ansible_distribution_major_version is version_compare('10', '>=')
+    lineinfile:
+      dest: /etc/firewalld/firewalld.conf
+      regexp: '^FirewallBackend=iptables$'
+      line: 'FirewallBackend=nftables'
+    notify:
+      - restart firewalld
+
   - name: Copy firewalld public zone file
     when: ansible_distribution_major_version is version_compare('8', '>=')
     template: src=public.xml.j2 dest=/etc/firewalld/zones/public.xml owner=root mode=0600