syntax and failed_when on check
diff --git a/roles/simulate-fabric/files/simulate-fabric-playbook.yml b/roles/simulate-fabric/files/simulate-fabric-playbook.yml
index 821d6b6..6f24f42 100644
--- a/roles/simulate-fabric/files/simulate-fabric-playbook.yml
+++ b/roles/simulate-fabric/files/simulate-fabric-playbook.yml
@@ -58,12 +58,13 @@
        - interfaces
 
     - name: Check for iptables rule
-      command: "iptables -t nat -C POSTROUTING -s 10.168.0.0/16 \! -d 10.168.0.0/16 -j MASQUERADE"
+      command: "iptables -t nat -C POSTROUTING -s 10.168.0.0/16 ! -d 10.168.0.0/16 -j MASQUERADE"
       register: iptables_check
+      failed_when: "iptables_check|failed and 'No chain/target/match by that name' not in iptables_check.stderr"
 
     - name: Create iptables rule
       when: "iptables_check.rc != 0"
-      command: "iptables -t nat -C POSTROUTING -s 10.168.0.0/16 \! -d 10.168.0.0/16 -j MASQUERADE"
+      command: "iptables -t nat -A POSTROUTING -s 10.168.0.0/16 ! -d 10.168.0.0/16 -j MASQUERADE"
 
 # the below will likely work when this pull makes it into ansible:
 # https://github.com/ansible/ansible-modules-extras/pull/1685
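Review bot: The new `failed_when` on "Check for iptables rule" identifies a missing MASQUERADE rule by matching the stderr text 'No chain/target/match by that name', which is brittle. The wording for a failed `-C` appears to differ between iptables releases (some report "Bad rule (does a matching rule exist in that chain?)"), and on such a host the play would abort instead of reaching "Create iptables rule"; please confirm the message against the iptables version on the target hosts, or accept both strings. For consistency with `when: "iptables_check.rc != 0"` on the next task, the condition could test the return code directly instead of `iptables_check|failed`: `failed_when: "iptables_check.rc != 0 and 'No chain/target/match by that name' not in iptables_check.stderr"`. Since `-C` only reads the NAT table, adding `changed_when: false` to the check task would stop it reporting a change on every run, so that real changes to the firewall state stand out in the play output.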