Do not flush the fw rules when docker is present.

2023-10-26 14:20:04 +02:00 · 2023-10-26 14:20:04 +02:00 · 564b863b81
parent 9521affbdb
commit 564b863b81
1 changed files with 14 additions and 4 deletions
--- a/tasks/disable-plain-iptables.yml
+++ b/tasks/disable-plain-iptables.yml
@ -1,11 +1,21 @@
 ---
+- name: disable-plain-iptables | Stop the iptables firewall
+  when: docker_install is not defined
+  tags: ['iptables', 'iptables_rules']
+  block:
+    - name: disable-plain-iptables | Check if /usr/sbin/netfilter-persistent exists
+      ansible.builtin.stat:
+        path: /usr/sbin/netfilter-persistent
+      register: netfilter_persistent_executable
+    - name: disable-plain-iptables | Flush the iptables rules
+      ansible.builtin.command: /usr/sbin/netfilter-persistent flush && touch /root/.netfilter_disabled
+      args:
+        creates: /root/.netfilter_disabled
+      when: netfilter_persistent_executable.stat.exists is defined and netfilter_persistent_executable.stat.exists
+
 - name: disable-plain-iptables | Stop the iptables firewall
  tags: ['iptables', 'iptables_rules']
  block:
-    - name: disable-plain-iptables | Flush the iptables rules
-      ansible.builtin.command: /usr/sbin/netfilter-persistent flush
-      ignore_errors: true
-
    - name: disable-plain-iptables | Stop and disable the netfilter service
      ansible.builtin.service:
        name: netfilter-persistent