From b53163a875c3fc1c8659261ddcbc5ab541bc21f2 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Tue, 12 Jul 2016 16:29:52 +0200
Subject: [PATCH] library/roles/iptables/tasks/main.yml: Start the iptables
 rules immediately after a new set of rules is installed.

---
 iptables/tasks/main.yml | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/iptables/tasks/main.yml b/iptables/tasks/main.yml
index 3c6163c1..c3b85587 100644
--- a/iptables/tasks/main.yml
+++ b/iptables/tasks/main.yml
@@ -34,7 +34,7 @@
     - rules.v4
     - rules.v6
   when: is_trusty
-  notify: Start the iptables service
+  register: install_iptables_rules
   tags: [ 'iptables', 'iptables_rules' ]
 
 - name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On debian 7
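Review bot: `register: install_iptables_rules` is used by both this trusty task and the debian 7 task in the next hunk, and Ansible registers a result even for a task skipped by `when`. On a trusty host the later, skipped debian 7 task therefore overwrites the variable, and `( install_iptables_rules | changed )` in the new restart task evaluates false. The updated firewall rules are then written to disk on trusty but not loaded until something else restarts the service. Give the two tasks distinct names, e.g. `register: install_iptables_rules_trusty` here, and test both in the restart task: `when: ( install_iptables_rules_trusty | changed ) or ( install_iptables_rules | changed )`. The task body starts above the hunk, so its module and loop are not visible here.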
@@ -43,7 +43,7 @@
     - rules.v4
     - rules.v6
   when: is_debian7
-  notify: Start the iptables service
+  register: install_iptables_rules
   tags: [ 'iptables', 'iptables_rules' ]
 
 - name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On debian 8
@@ -52,6 +52,17 @@
     - rules.v4
     - rules.v6
   when: is_debian8
-  notify: Start the netfilter service
+  register: install_netfilter_rules
   tags: [ 'iptables', 'iptables_rules' ]
 
+- name: Start the iptables service immediately after the new rules have been installed. This can have an impact on other tasks
+  service: name=iptables-persistent state=restarted enabled=yes
+  notify: Restart fail2ban
+  when: ( install_iptables_rules | changed )
+  tags: [ 'iptables', 'iptables_rules' ]
+
+- name: Start the netfilter service immediately after the new rules have been installed. This can have an impact on other tasks
+  service: name=netfilter-persistent state=restarted enabled=yes
+  notify: Restart fail2ban
+  when: ( install_netfilter_rules | changed )
+  tags: [ 'iptables', 'iptables_rules' ]
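Review bot: The two new `state=restarted` tasks load whatever the preceding tasks just wrote, with no check that the rendered rules files parse. A template error would then surface mid-play as a failed firewall restart, and depending on how the persistent service handles a failed load (not visible here), the host may be left without the intended ruleset or the management connection may drop. Consider a check-only task before each restart, such as `command: iptables-restore --test` fed from `<rules-dir>/rules.v4` with `changed_when: false`, so that a bad file fails the play before the running ruleset is touched. The rules-install tasks begin outside this hunk, so a `validate=` option on them would be an alternative if their module supports it.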