---

- name: "install iptables"
  community.general.apk:
    name:
      - "iptables"
    state: "present"
    update_cache: true

- name: "configure ipv4 forwarding"
  ansible.posix.sysctl:
    name: "net.ipv4.conf.all.forwarding"
    value: "1"
    state: "present"
    sysctl_file: "/etc/sysctl.conf"
    reload: false

- name: "disable ipv4 redirects and source routing"
  ansible.posix.sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    state: "present"
    sysctl_file: "/etc/sysctl.conf"
    reload: false
  loop:
    - name: "net.ipv4.conf.all.accept_redirects"
      value: "0"
    - name: "net.ipv4.conf.all.send_redirects"
      value: "0"
    - name: "net.ipv4.conf.all.accept_source_route"
      value: "0"
    - name: "net.ipv4.conf.all.log_martians"
      value: "0"