--- /dev/null
+- name: Install fail2ban and iptables-services
+ become: true
+ dnf:
+ name: ['fail2ban', 'iptables-services']
+ state: latest
+ update_cache: yes
+ register: services
+
+- name: Disable firewalld
+ become: true
+ service:
+ name: firewalld.service
+ state: stopped
+ enabled: no
+
+- name: Enable fail2ban
+ become: true
+ service:
+ name: fail2ban
+ state: started
+ enabled: yes
+
+- name: Enable iptables-service
+ become: true
+ service:
+ name: iptables
+ state: started
+ enabled: yes
+
+- name: Configure firewall
+ become: true
+ copy:
+ src: etc
+ dest: /
+ owner: root
+ group: root
+ directory_mode: '0750'
+ mode: '0750'
+ force: no
+ register: etc
+
+- name: Fix permissions for /etc/network/functions
+ become: true
+ file:
+ path: /etc/network/functions.phd
+ mode: '0640'
+ register: functions
+
+- name: Start iptables
+ become: true
+ command: /etc/rc.d/init.d/iptables.sh start
+ when: services.changed or etc.changed or functions.changed
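Review bot: "Disable firewalld" stops and disables firewalld as the second task, but the replacement rules are only copied by "Configure firewall" and loaded by "Start iptables" at the end, so a failure in any task in between leaves the host with firewalld off and the intended ruleset not applied. What filtering is active during that window depends on the iptables-services defaults, which this hunk does not show. Moving the firewalld task after "Start iptables", or wrapping the sequence in a `block`/`rescue` that re-enables firewalld on failure, closes the window. Separately, `force: no` on the copy means files already present under /etc are never replaced, so later changes to the role's `etc` tree will not reach provisioned hosts and `etc.changed` will not trigger the reload. If that is deliberate, a comment such as `# force: no preserves host-local edits; rule updates are not pushed by this task` would document it. The task name also says /etc/network/functions while `path` is `/etc/network/functions.phd`, so it is worth confirming which is intended.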