---

# install nftables
- name: "routing - install nftables"
  community.general.apk:
    name:
      - "nftables"
    state: "present"
    update_cache: true

# enable ipv4 forwarding
- name: "routing - configure ipv4 forwarding"
  ansible.posix.sysctl:
    name: "net.ipv4.conf.all.forwarding"
    value: "1"
    state: "present"
    sysctl_file: "/etc/sysctl.conf"
    reload: false

# disable ipv4 redirects and source routing
- name: "routing - disable ipv4 redirects and source routing"
  ansible.posix.sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    state: "present"
    sysctl_file: "/etc/sysctl.conf"
    reload: false
  loop:
    - name: "net.ipv4.conf.all.accept_redirects"
      value: "0"
    - name: "net.ipv4.conf.all.send_redirects"
      value: "0"
    - name: "net.ipv4.conf.all.accept_source_route"
      value: "0"
    - name: "net.ipv4.conf.all.log_martians"
      value: "0"