---
# Ubuntu 20.04 will use nftables directly, with no firewalld.

- name: Install Ubuntu firewall packages
  when: ansible_distribution_version is version('20.04', '>=')
  ansible.builtin.package:
    name:
      - libnet-ip-perl # for aggregate-cidr-addresses.pl
      - nftables
      - curl # for nftables update scripts
    state: present
    cache_valid_time: 3600

- name: Remove ufw
  ansible.builtin.package:
    name: ufw
    state: absent

- name: Configure nftables
  ansible.builtin.include_tasks: nftables.yml
  when: ansible_distribution_version is version('20.04', '>=')

- ansible.builtin.include_tasks: fail2ban.yml
  when:
    - ansible_distribution_version is version('16.04', '>=')

# vim: set sw=2 ts=2: