Setting ferm to False requires setting ferm_flush to False too

[scibi]

I needed to disable ferm for some host so I just set ferm to False. Unfortunately one task failed because ferm was not installed.

TASK: [debops.ferm | Clear iptables rules if ferm is disabled] **************** 
failed: [edurtrtest] => {"changed": false, "cmd": "ferm --flush /etc/ferm/ferm.conf", "failed": true, "rc": 2}
msg: [Errno 2] No such file or directory

FATAL: all hosts have already failed -- aborting

Maybe ferm_flush should be set to the same value as ferm by default? Or maybe it should be mentioned in the documentation that one needs to set ferm_flush to False manually?

[drybjed]

Setting it the same as ferm value will be a better option. Honestly, the idea of using role name as a enable/disable variable was a bad one, I will probably phase that out in the future.