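---
# Debian firewall role tasks: install fail2ban and nftables, point fail2ban's
# ban actions at nftables, deploy the role's etc/ tree, and remove the old
# iptables init script. Tasks that change firewall state notify the
# "Restart firewall" handler, which is defined outside this file.

- name: Install fail2ban and nftables
  become: true
  apt:
    cache_valid_time: 3600
    install_recommends: false
    name: ['fail2ban', 'nftables']
    # NOTE(review): "latest" upgrades both packages whenever a newer version
    # is in the refreshed cache. That keeps security fixes current but makes
    # runs non-reproducible; use "present" plus a separate upgrade process if
    # controlled rollout matters more.
    state: latest
    update_cache: true
  notify: Restart firewall

# The three tasks below edit /etc/fail2ban/jail.conf in place.
# NOTE(review): jail.conf is the packaged default file and fail2ban's own
# documentation recommends putting overrides in jail.local or jail.d/ so that
# package upgrades (see "state: latest" above) cannot revert them; consider
# moving these settings there.
#
# backrefs: true makes lineinfile leave the file untouched when the regexp
# does not match. Without it a non-matching regexp appends the line at the
# end of the file, i.e. inside whichever jail section happens to be last,
# where it would silently not apply to [DEFAULT].
- name: "Change /etc/fail2ban/jail.conf (iptables -> nftables)"
  become: true
  lineinfile:
    path: /etc/fail2ban/jail.conf
    regexp: '^banaction = iptables-multiport$'
    line: 'banaction = nftables-multiport'
    backrefs: true
  notify: Restart firewall

- name: "Change /etc/fail2ban/jail.conf (iptables-multiport-log -> nftables)"
  become: true
  lineinfile:
    path: /etc/fail2ban/jail.conf
    regexp: '^banaction = iptables-multiport-log$'
    line: 'banaction = nftables-multiport'
    backrefs: true
  notify: Restart firewall

- name: "Change /etc/fail2ban/jail.conf (iptables-allports -> nftables)"
  become: true
  lineinfile:
    path: /etc/fail2ban/jail.conf
    regexp: '^banaction_allports = iptables-allports$'
    line: 'banaction_allports = nftables-allports'
    backrefs: true
  notify: Restart firewall

- name: Configure Debian firewall
  become: true
  copy:
    # Recursive copy of the role's etc/ directory into /.
    src: etc
    dest: /
    owner: root
    group: root
    # Per the copy module docs, directory_mode is applied only to directories
    # this task creates, not to ones that already exist.
    directory_mode: '0750'
    # Every copied file is root-only plus group, with the execute bit set;
    # files that must not be executable are corrected in a later task.
    mode: '0750'
    # NOTE(review): with force disabled a file is transferred only when the
    # destination does not exist, so later changes to the role's rules never
    # reach hosts that were already provisioned. Confirm this is intended.
    force: false
  notify: Restart firewall

- name: Fix permissions for /etc/network/functions.phd
  become: true
  file:
    path: /etc/network/functions.phd
    # Drop the execute bit that the copy task above set on this file.
    mode: '0640'
  notify: Restart firewall

- name: Remove iptables leftovers
  become: true
  file:
    path: /etc/init.d/iptables.sh
    state: absent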