With the move to having each service manage its own firewall rules (https://github.com/ho-ansible/ansible/issues/89), this role simplifies to managing only the basic system-wide rules (and possibly providing handlers / macros for other roles to use).
Consequently, we no longer want netfilter-persistent to save the current ruleset on shutdown, since it might contain rules managed by other services.
This role might template a static ruleset to be loaded by iptables-restore on boot (via drop in to networking.service?), but do nothing on shutdown.
With the move to having each service manage its own firewall rules (https://github.com/ho-ansible/ansible/issues/89), this role simplifies to managing only the basic system-wide rules (and possibly providing handlers / macros for other roles to use).
Consequently, we no longer want netfilter-persistent to save the current ruleset on shutdown, since it might contain rules managed by other services.
This role might template a static ruleset to be loaded by
iptables-restoreon boot (via drop in tonetworking.service?), but do nothing on shutdown.