flush handlers and rerun setup to get new IP addresses as facts before proceeding
Change-Id: Icc0031ff8c88968ed6bec3118474b702a1f9b152
diff --git a/tasks/Debian.yml b/tasks/Debian.yml
index 132785a..52d7e9f 100644
--- a/tasks/Debian.yml
+++ b/tasks/Debian.yml
@@ -13,7 +13,6 @@
update_cache: true
cache_valid_time: 3600
-
- name: Enable sysctl for IPv4 forwarding
sysctl:
name: net.ipv4.ip_forward
diff --git a/tasks/main.yml b/tasks/main.yml
index b0498a0..855c7fe 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -9,3 +9,9 @@
- name: include OS-specific tasks
include_tasks: "{{ ansible_os_family }}.yml"
+
+- name: Flush handlers to set up network
+ meta: flush_handlers
+
+- name: Re-run setup so facts reflect new IP addresses
+ setup:
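Review bot: The bare `setup:` added at the end of tasks/main.yml re-gathers every fact, although the commit message only needs the new IP addresses; adding `gather_subset: network` under it would limit the refresh to the network facts plus the minimal set. `meta: flush_handlers` runs every handler notified so far in the play, not only this role's, which deserves a comment above the task such as `# runs all pending handlers in the play, including those notified by other roles`.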
diff --git a/templates/nftables.conf.j2 b/templates/nftables.conf.j2
index d24b47f..95c1439 100644
--- a/templates/nftables.conf.j2
+++ b/templates/nftables.conf.j2
@@ -8,25 +8,28 @@
# Primary rules
table inet filter {
- chain input {
- type filter hook input priority 0;
- }
- chain forward {
- type filter hook forward priority 0;
- }
- chain output {
- type filter hook output priority 0;
- }
+ chain input {
+ type filter hook input priority 0;
+ }
+ chain forward {
+ type filter hook forward priority 0;
+ }
+ chain output {
+ type filter hook output priority 0;
+ }
}
# NAT
table ip nat {
- chain prerouting {
- type nat hook prerouting priority -100;
- }
+ chain prerouting {
+ type nat hook prerouting priority -100;
+ }
- chain postrouting {
- type nat hook postrouting priority 100;
- oifname "{{ netprep_nat_if }}" masquerade;
- }
+ chain postrouting {
+ type nat hook postrouting priority 100;
+ oifname "{{ netprep_nat_if }}" masquerade;
+{% if netprep_nftables_nat_postrouting %}
+{{ netprep_nftables_nat_postrouting | indent(width=4) }}
+{% endif %}
+ }
}
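Review bot: `{% if netprep_nftables_nat_postrouting %}` in the postrouting chain tests a variable for which none of the visible hunks adds a default. If the role does not define it elsewhere, templating is likely to fail on the undefined name, so either add an empty default to the role or write `{% if netprep_nftables_nat_postrouting | default('') %}`. The value is pasted into the ruleset verbatim, so a mistake in it produces a file that nft refuses to load. If the template task (outside this diff) does not already do so, `validate: nft -c -f %s` on it would reject a bad render before it replaces the installed ruleset. `indent(width=4)` also leaves the first line of the value at column 0, which is harmless to nft, but `indent(width=4, first=true)` would keep the rendered chain aligned.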