From 528a01ec4a9519ddd0db8c0236abe34896275290 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Sat, 17 Feb 2018 12:44:03 +0100
Subject: [PATCH] library/roles/iptables/tasks/main.yml: Ubuntu 16.04 uses netfilter-persistent and systemd.
---
 iptables/tasks/main.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/iptables/tasks/main.yml b/iptables/tasks/main.yml
index 892fb731..c242b0b2 100644
--- a/iptables/tasks/main.yml
+++ b/iptables/tasks/main.yml
@@ -55,6 +55,17 @@
 register: install_netfilter_rules
 tags: [ 'iptables', 'iptables_rules' ]

+- name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On Ubuntu >= 16.04
+ template: src=iptables-{{ item }}.j2 dest=/etc/iptables/{{ item }} owner=root group=root mode=0640
+ with_items:
+ - rules.v4
+ - rules.v6
+ when:
+ - ansible_distribution is 'Ubuntu'
+ - ansible_distribution_major_version >= '16'
+ register: install_netfilter_rules
+ tags: [ 'iptables', 'iptables_rules' ]
+
 - name: Start the iptables service immediately after the new rules have been installed, on Ubuntu precise. This can have an impact on other tasks
 service: name=iptables-persistent state=restarted enabled=yes
 notify: Restart fail2ban
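Review bot: The first `when` condition of the added task, `ansible_distribution is 'Ubuntu'`, is not a valid Jinja2 expression, because `is` introduces a test name rather than an equality check, so the conditional should fail to template instead of selecting Ubuntu hosts; write `- ansible_distribution == 'Ubuntu'`. The second condition compares strings, so a major version of `'9'` would satisfy `>= '16'`; `- ansible_distribution_major_version | int >= 16` compares numerically. The task also reuses `register: install_netfilter_rules`, the name registered by the preceding task (whose start is outside this hunk), and Ansible stores a result for skipped tasks too, so whichever of the two is evaluated last overwrites the other. If the later restart tasks key off that variable's changed status, which is not visible here, new rules could be written to /etc/iptables without being loaded, leaving the previous ruleset in force; a distinct register name, or a handler notified by the template task, avoids that.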