ansible-personal/roles/common/tasks/iptables_Ubuntu.yml

---
- name: Install iptables-persistent
  when: ansible_distribution_version == '14.04'
  apt: pkg=iptables-persistent update_cache=yes cache_valid_time=3600
  tags: packages

- name: Copy /etc/iptables/rules.v4
  when: ansible_distribution_version == '14.04'
  template: src=iptables.j2 dest=/etc/iptables/rules.v4 owner=root mode=0600
  notify:
    - restart iptables-persistent

- name: Copy /etc/iptables/rules.v6
  when: ansible_distribution_version == '14.04'
  template: src=ip6tables.j2 dest=/etc/iptables/rules.v6 owner=root group=root mode=0600
  notify:
    - restart iptables-persistent

- name: Install firewalld and deps
  when: ansible_distribution_version >= '15.04'
  apt: pkg={{ item }} state=latest
  with_items:
    - firewalld
    - tidy
  tags: packages

- name: Copy firewalld public zone file
  when: ansible_distribution_version >= '15.04'
  template: src=public.xml.j2 dest=/etc/firewalld/zones/public.xml owner=root mode=0600

- name: Format public.xml firewalld zone file
  when: ansible_distribution_version >= '15.04'
  shell: tidy -xml -iq -m -w 0 /etc/firewalld/zones/public.xml
  notify:
    - restart firewalld