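---
# Firewall reset step: set the INPUT policy to ACCEPT, then flush every table
# listed in iptables_tables_to_clean.

# TODO: find a cleaner way to handle this
# because if we flush filter and input policy is set to DROP
# then ansible next ssh cnx for next task will not work
#
# NOTE(review): once this task and the flush below have run, INPUT accepts
# all inbound traffic with no rules in place. Presumably a later task
# re-applies the rules and restores a restrictive policy -- confirm. If the
# play aborts before that point, the host stays unfiltered, so the re-apply
# step should be guaranteed to run (for example from a block/always section).
# Only the INPUT policy is changed here; other chains keep their policy.
- name: Set Policy
  ansible.builtin.iptables:
    chain: INPUT
    policy: ACCEPT
    ip_version: "{{ ip_version }}"
  tags:
    - molecule-idempotence-notest

# we want to flush because we don't want to save fail2ban or docker rule
#
# No chain is given, so the module purges every chain of each listed table.
# NOTE(review): rules inserted at runtime by fail2ban or Docker are removed
# as well; those services normally re-create them only on restart or reload
# -- confirm the role handles that.
- name: Flush Tables
  ansible.builtin.iptables:
    table: "{{ item }}"
    flush: true
    ip_version: "{{ ip_version }}"
  loop: "{{ iptables_tables_to_clean }}"
  # as if we flush again, future rules will be re-applied
  tags:
    - molecule-idempotence-notest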