From ac596baca9cd057dc31b5710eb499bb1150d8749 Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Thu, 27 Oct 2022 18:27:43 +0000
Subject: [PATCH] base: Use nftables for el9 and newer
---
 roles/base/tasks/RedHat.yml | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/roles/base/tasks/RedHat.yml b/roles/base/tasks/RedHat.yml
index 6ccab57..344ecc8 100644
--- a/roles/base/tasks/RedHat.yml
+++ b/roles/base/tasks/RedHat.yml
@@ -8,11 +8,20 @@
 name: "{{ role }}"
 with_items:
 - selinux # selinux first to get fcontexts working
- - iptables
 - rsyslog
 loop_control:
 loop_var: role
 
+- name: install firewall
+ ansible.builtin.include_role:
+ name: iptables
+ when: ansible_distribution_major_version|int <= 8
+
+- name: install firewall
+ ansible.builtin.include_role:
+ name: nftables
+ when: ansible_distribution_major_version|int >= 9
+
 - name: fix selinux context from /export
 community.general.sefcontext:
 path: "/export"
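Review bot: The two added tasks share the name `install firewall`, so a play log or `--list-tasks` output does not show which backend a host received; naming them `install firewall (iptables, el8 and older)` and `install firewall (nftables, el9 and newer)` would make that auditable. The `when:` conditions are complementary, so exactly one role is always included, but a version fact that does not parse as a number becomes 0 under `|int` and silently selects iptables. Moving the role out of the `with_items` list also means the firewall is now configured after rsyslog rather than before it. Whether the nftables role installs a rule set equivalent to the iptables one, and whether other roles that add iptables rules have an el9 counterpart, cannot be seen from this hunk and is worth confirming before rollout. The task list continues outside the hunk.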