- name: Install iptables-persistent
  ansible.builtin.apt:
    name:
      - iptables
      - iptables-persistent
    state: present

- name: Filter FORWARD packets
  ansible.builtin.iptables:
    chain: FORWARD
    jump: DROP
    in_interface: "{{ wireguard_interface }}"
    out_interface: "{{ other_interface }}"
  when:
    - filter_forward | bool
    - other_interface | length > 0


- name: Setup ipv4 IP forward
  sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    sysctl_set: true
    reload: true

- name: Save current firewall state
  community.general.iptables_state:
    state: saved
    path: /etc/iptables/rules.v4
  when:
    - filter_forward | bool
    - other_interface | length > 0