firewall.yaml

---

- name: Enable IP Forwarding
  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    state: present

- name: Ensure nftables runs and enabled
  service:
    name: nftables
    state: started
    enabled: yes

- name: Place nftables configuration file.
  template:
    src: etc/nftables.conf.j2
    dest: /etc/nftables.conf
    mode: 0755

- name: Load config
  command: nft -f /etc/nftables.conf