---
- name: Install nftables
  apt:
    name:
      - nftables

- name: Configure nftables
  template:
    src: nftables.conf.j2
    dest: /etc/nftables.conf
    validate: "nft -c -f %s"
    owner: root
    group: root
    mode: u=rw,g=r,o=
  notify:
    - Reload nftables

- name: Enable and start nftables
  systemd:
    name: nftables.service
    enabled: true
    state: started
...