---
- name: firewall | apt update cache
  apt:
    update_cache: yes
    cache_valid_time: 86400 #One day

- name: firewall | install iptables packages
  apt:
    name:
      - iptables
    state: present

- name: firewall | copy script
  template:
    src: "firewall.j2"
    dest: "/usr/local/bin/firewall"
    mode: "0755"
    force: yes
  notify:
    - restart firewall

- name: firewall | copy systemd unit file
  copy:
    src: "firewall.service"
    dest: "/lib/systemd/system/firewall.service"
    mode: "0644"
    force: yes
  notify:
    - restart firewall

- name: fireall | enable on boot
  systemd: 
    name: firewall
    enabled: yes
    masked: no