From cba2a7a99660bcce325ba70b5861be3a0ba73df8 Mon Sep 17 00:00:00 2001
From: Alan Orth
Date: Thu, 29 Jul 2021 10:10:04 +0300
Subject: [PATCH] roles/common: Fix nftables in Debian firewall

The previous commit meant to move the service start, not the config copying task.
---
 roles/common/tasks/firewall_Debian.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/roles/common/tasks/firewall_Debian.yml b/roles/common/tasks/firewall_Debian.yml
index efe7832..824dead 100644
--- a/roles/common/tasks/firewall_Debian.yml
+++ b/roles/common/tasks/firewall_Debian.yml
@@ -23,9 +23,11 @@
 - name: Install firewall packages
 apt: pkg={{ debian_firewall_packages }} state=present cache_valid_time=3600
- - name: Start and enable nftables
+ - name: Copy nftables.conf
 when: ansible_distribution_major_version is version('11', '>=')
- systemd: name=nftables state=started enabled=yes
+ template: src=nftables.conf.j2 dest=/etc/nftables.conf owner=root mode=0644
+ notify:
+ - reload nftables
 - name: Create /etc/nftables extra config directory
 when: ansible_distribution_major_version is version('11', '>=')
@@ -125,11 +127,9 @@
 when: ansible_distribution_version is version('11', '>=')
 systemd: name=update-spamhaus-nftables.timer state=started enabled=yes
- - name: Copy nftables.conf
+ - name: Start and enable nftables
 when: ansible_distribution_major_version is version('11', '>=')
- template: src=nftables.conf.j2 dest=/etc/nftables.conf owner=root mode=0644
- notify:
- - reload nftables
+ systemd: name=nftables state=started enabled=yes
 - include_tasks: fail2ban.yml
 when: ansible_distribution_major_version is version('9', '>=')
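Review bot: The restored `Copy nftables.conf` task in the first hunk writes /etc/nftables.conf with no syntax check. A bad render of nftables.conf.j2 would therefore surface only when the `reload nftables` handler or the later service start fails, which can leave the host on a stale ruleset, or without one after a reboot. The template module's `validate` parameter can run a dry-run parse before the file is replaced, e.g. `validate='nft -c -f %s'`. That check only passes if every file the config includes already exists, and this hunk shows the /etc/nftables directory being created after the task, so confirm the include layout before enabling it. Adding `group=root` next to `owner=root` would also pin the file's full ownership instead of inheriting the group.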
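Review bot: In the second hunk, `state=started` on the relocated `Start and enable nftables` task does nothing on hosts where the service is already running, so rule changes reach the kernel only through the `reload nftables` handler. The tasks between the two hunks are not visible here; any that write files under /etc/nftables should be checked to notify that same handler. In the context lines, update-spamhaus-nftables.timer is started before the ruleset is loaded on a first run, which could presumably let the timer's job run against tables that do not exist yet, so moving the timer task below this one is worth considering. That timer task also tests `ansible_distribution_version` where every other condition uses `ansible_distribution_major_version`. If the ordering is deliberate, a comment above the start task such as `# keep last: nftables.conf and its included files must be in place first` would record it.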