base: Use nftables for el9 and newer

roles/base/tasks/RedHat.yml

@@ -8,11 +8,20 @@
     name: "{{ role }}"
   with_items:
     - selinux        # selinux first to get fcontexts working
-    - iptables
     - rsyslog
   loop_control:
     loop_var: role
 
+- name: install firewall
+  ansible.builtin.include_role:
+    name: iptables
+  when: ansible_distribution_major_version|int <= 8
+
+- name: install firewall
+  ansible.builtin.include_role:
+    name: nftables
+  when: ansible_distribution_major_version|int >= 9
+
 - name: fix selinux context from /export
   community.general.sefcontext:
     path: "/export"