ansible/roles/nftables_infra/tasks/main.yml

---
- name: Install nftables
  apt:
    name: nftables

- name: Create configuration directory
  file:
    path: /etc/nftables.d
    state: directory
    owner: root
    group: root
    mode: u=rwx,g=rx,o=rx

- name: Configure nftables
  template:
    src: "{{ item }}.j2"
    dest: "/etc/{{ item }}"
    owner: root
    group: root
    mode: u=rw,g=r,o=r
  loop:
    - nftables.conf
    - nftables.d/10-vars.conf
    - nftables.d/20-blacklist.conf
    - nftables.d/30-reverse-path-filter.conf
    - nftables.d/40-input.conf
    - nftables.d/50-output.conf
    - nftables.d/60-forward.conf
    - nftables.d/70-nat.conf
  notify:
    - Reload nftables

- name: Enable and start nftables
  systemd:
    name: nftables.service
    enabled: true
    state: started
...