---

# restart iptables
- name: "restart iptables"
  ansible.builtin.service:
    name: "iptables"
    state: "restarted"

# apply local routes
- name: "apply routes"
  ansible.builtin.shell:
    cmd: |
      {% for route in static_routes %}
      ip route replace {{ route.destination }} via {{ route.gateway }}{{ ' dev ' + route.interface if route.interface is defined else '' }}
      {% endfor %}
  when: "static_routes | length > 0"
  changed_when: false