From 944bda2d1cdfb7778eb5083537f93277be0baba1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alexander=20B=C3=B6hm?=
Date: Sat, 7 Nov 2020 22:39:22 +0100
Subject: [PATCH] add install for iptables-persistent, changed iptables loader
---
 roles/fai/tasks/network.yml | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/roles/fai/tasks/network.yml b/roles/fai/tasks/network.yml
index 84bcce0..a853d74 100644
--- a/roles/fai/tasks/network.yml
+++ b/roles/fai/tasks/network.yml
@@ -1,6 +1,6 @@
 - name: install packages
 apt:
- name: ['iptables', 'ifupdown']
+ name: ['iptables', 'iptables-persistent', 'ifupdown']
 state: present
 - name: ensure resolved is stopped and disabled
@@ -29,7 +29,7 @@
 ifup {{ dhcp_interface }}
 when: lan_iface_cfg.changed
-- name: enable permantent masquerading
+- name: enable permantent masquerading for ipv4
 copy:
 content: |
 *nat
@@ -39,15 +39,12 @@
 :OUTPUT ACCEPT [0:0]
 -A POSTROUTING -o {{wan_interface}} -j MASQUERADE
 COMMIT
- dest: /etc/network/iptables.up.rules
+ dest: /etc/iptables/rules.v4
 register: iptables_up_rules
 - name: apply iptables rules
- iptables:
- table: nat
- chain: POSTROUTING
- out_interface: "{{ wan_interface }}"
- jump: MASQUERADE
+ shell: iptables-restore /etc/iptables/rules.v4
+ when: iptables_up_rules.changed
 - name: enable ip forwarding
 sysctl:
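Review bot: Adding `iptables-persistent` to the package list in the `install packages` task also brings `/etc/iptables/rules.v6` into the boot-time ruleset, and nothing in this patch manages that file. On Debian the package's install step normally saves whatever rules are loaded at that moment into both `rules.v4` and `rules.v6` (worth confirming for the target release), so the IPv6 side would be an unreviewed snapshot. A comment above the task such as `# iptables-persistent loads /etc/iptables/rules.v4 and rules.v6 at boot; only rules.v4 is managed here` would make the gap visible until a rules.v6 task exists.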
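Review bot: The new `apply iptables rules` task feeds `/etc/iptables/rules.v4` to `iptables-restore` through `shell`, yet the copy task that writes that file shows neither a validation step nor an explicit owner and mode in the visible lines, so a malformed `wan_interface` value would land in the file that is presumably loaded at every boot. Adding `validate: iptables-restore --test %s` together with `owner: root`, `group: root` and `mode: '0644'` to the copy task would reject a broken ruleset before it replaces the old one, and `command: iptables-restore /etc/iptables/rules.v4` avoids a shell that the task does not need. Without `--noflush` the restore replaces the whole nat table, whereas the removed `iptables` module call only ensured one rule, so NAT rules installed by other software on the host are dropped whenever the file changes; if that is intended, a comment on the task should say so. The copy task begins above this hunk and the `sysctl` task continues below it.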