handle docker rules & templatize custom rules

defaults/main.yml

@@ -3,6 +3,10 @@
 # If null, ansible_default_ipv4.interface is used.
 firewall_public_interface: null
 
+# Preserve Docker-managed chains/rules when restarting the firewall.
+# When true, FORWARD chain is not reset if Docker chains are detected.
+firewall_docker_safe: true
+
 # IPv4 source networks allowed to access admin-restricted services.
 firewall_admin_sources:
   - cidr: "51.158.69.165/32"