--- - name: Ensure firewalld service is not enabled systemd: name: firewalld state: stopped enabled: no masked: yes register: task_result failed_when: - task_result is failed - ('could not' not in task_result.msg|lower) - name: Wait 10 seconds after disabling firewalld pause: seconds: 10 when: task_result is changed - name: Install iptables packages package: name: "{{ item }}" state: present with_items: - iptables - iptables-services when: not r_os_firewall_is_atomic | bool register: result until: result is succeeded - name: Start and enable iptables service systemd: name: iptables state: started enabled: yes masked: no daemon_reload: yes register: result delegate_to: "{{item}}" run_once: true with_items: "{{ ansible_play_batch }}" - name: need to pause here, otherwise the iptables service starting can sometimes cause ssh to fail pause: seconds: 10 when: result is changed