playbooks/debian/roles/firewall/tasks/main.yml

   1 - name: Install fail2ban
   2   become: true
   3   apt:
   4     install_recommends: no
   5     name: fail2ban
   6     state: latest
   7     update_cache: yes
   8   register: fail2ban
   9
  10 - name: Configure Debian firewall
  11   become: true
  12   copy:
  13     src: etc
  14     dest: /
  15     owner: root
  16     group: root
  17     mode: '0750'
  18     force: no
  19   register: etc
  20
  21 - name: Fix permissions for /etc/network/functions
  22   become: true
  23   file:
  24     path: /etc/network/functions.phd
  25     mode: '0640'
  26   register: functions
  27
  28 - name: Start Debian firewall
  29   become: true
  30   command: /etc/init.d/iptables.sh start
  31   when: fail2ban.changed or etc.changed or functions.changed