---

- name: FIREWALL rules
  template:
    src: rules.v4
    dest: /etc/iptables/rules.v4
    owner: root
    group: root
    mode: "0644"
  become: true
  # notify: nfs_reload_exports

- name: FIREWALL rules restore
  shell: iptables-restore /etc/iptables/rules.v4

- name: FIREWALL enable IPv4 forward
  sysctl:
    name: net.ipv4.ip_forward
    value: "1"
    sysctl_file: /etc/sysctl.d/ipv4_forward.conf
    sysctl_set: yes
    state: present
    reload: yes
    ignoreerrors: yes

- name: FIREWALL disable IPv6
  sysctl:
    name: net.ipv6.conf.all.disable_ipv6
    value: "1"
    sysctl_file: /etc/sysctl.d/disable_ipv6.conf
    sysctl_set: yes
    state: present
    reload: yes
    ignoreerrors: yes