- name: Install fail2ban and iptables-services
  become: true
  dnf:
    name: ['fail2ban', 'iptables-services']
    state: latest
    update_cache: yes
  register: services

- name: Disable firewalld
  become: true
  service:
    name: firewalld.service
    state: stopped
    enabled: no

- name: Enable fail2ban
  become: true
  service:
    name: fail2ban
    state: started
    enabled: yes

- name: Enable iptables-service
  become: true
  service:
    name: iptables
    state: started
    enabled: yes

- name: Configure firewall
  become: true
  copy:
    src: etc
    dest: /
    owner: root
    group: root
    directory_mode: '0750'
    mode: '0750'
    force: no
  register: etc

- name: Fix permissions for /etc/network/functions
  become: true
  file:
    path: /etc/network/functions.phd
    mode: '0640'
  register: functions

- name: Start iptables
  become: true
  command: /etc/rc.d/init.d/iptables.sh start
  when: services.changed or etc.changed or functions.changed