- name: Install iptables and fail2ban
  become: true
  apt:
    cache_valid_time: 3600
    install_recommends: no
    name: ['iptables', 'fail2ban']
    state: latest
    update_cache: yes
  notify: Restart firewall

- name: Configure Debian firewall
  become: true
  copy:
    src: etc
    dest: /
    owner: root
    group: root
    directory_mode: '0750'
    mode: '0750'
    force: no
  notify: Restart firewall

- name: Fix permissions for /etc/network/functions
  become: true
  file:
    path: /etc/network/functions.phd
    mode: '0640'
  notify: Restart firewall