---

- name: "4.4.1.1 | PATCH | Ensure iptables packages are installed"
  when:
    - ubtu24cis_rule_4_4_1_1
    - ubtu24cis_firewall_package == "iptables"
  tags:
    - level1-server
    - level1-workstation
    - patch
    - rule_4.4.1.1
    - NIST800-53R5_CA-9
    - NIST800-53R5_SC-7
    - iptables
  ansible.builtin.package:
    name: ['iptables', 'iptables-persistent']
    state: present

- name: "4.4.1.2 | PATCH | Ensure nftables is not installed with iptables"
  when:
    - ubtu24cis_rule_4_4_1_2
    - ubtu24cis_firewall_package == "iptables"
  tags:
    - level1-server
    - level1-workstation
    - patch
    - rule_4.4.1.2
    - NIST800-53R5_CA-9
    - NIST800-53R5_SC-7
    - iptables
  ansible.builtin.package:
    name: nftables
    state: absent
    purge: "{{ ubtu24cis_purge_apt }}"

- name: "4.4.1.3 | PATCH | Ensure ufw is uninstalled or disabled with iptables"
  when:
    - ubtu24cis_rule_4_4_1_3
    - ubtu24cis_firewall_package == "iptables"
  tags:
    - level1-server
    - level1-workstation
    - patch
    - rule_4.4.1.3
    - NIST800-53R5_CA-9
    - NIST800-53R5_SC-7
    - iptables
  ansible.builtin.package:
    name: ufw
    state: absent