Linuxfabrik
diff --git a/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎COMPATIBILITY.md‎
Lines changed: 1 addition & 1 deletion b/‎COMPATIBILITY.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎roles/firewall/tasks/Fedora.yml‎
Lines changed: 0 additions & 10 deletions b/‎roles/firewall/tasks/Fedora.yml‎
Lines changed: 0 additions & 10 deletions
diff --git a/‎roles/firewall/tasks/RedHat8.yml‎
Lines changed: 0 additions & 10 deletions b/‎roles/firewall/tasks/RedHat8.yml‎
Lines changed: 0 additions & 10 deletions
diff --git a/‎roles/firewall/tasks/RedHat9.yml‎
Lines changed: 0 additions & 10 deletions b/‎roles/firewall/tasks/RedHat9.yml‎
Lines changed: 0 additions & 10 deletions
diff --git a/‎roles/firewall/tasks/main.yml‎
Lines changed: 4 additions & 2 deletions b/‎roles/firewall/tasks/main.yml‎
Lines changed: 4 additions & 2 deletions
@@ -41,6 +41,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
+* **role:firewall**: Install `nftables` together with `iptables` for `firewall__firewall == "fwbuilder"` on all distros (previously only installed via per-distro task files on Fedora and RHEL 8/9). The redundant `tasks/Fedora.yml`, `tasks/RedHat8.yml` and `tasks/RedHat9.yml` were removed.
 * **role:graylog_server**: Update `server.conf` templates to include `telemetry_enabled = false`.
 * **role:keepalived**: Document role scope in the README. The role intentionally covers only a minimal VRRP setup (single `vrrp_instance`, single `virtual_ipaddress`, PASS auth, `smtp_alert`). It does not set the `net.ipv4.ip_nonlocal_bind` sysctl and does not open the firewall for VRRP; pointers to the `kernel_settings` and `firewall` roles are included
 * **all roles**: Rewrite all role READMEs to use the new standard format: replace markdown tables with bullet lists for tags and variables, convert HTML/blockquote subkeys to expanded indented format, standardize terminology (`Bool` not `Boolean`, `Mandatory` not `Required`)
 
@@ -38,7 +38,7 @@ exoscale_vm                          |    |    |   |   |    |       |       | Fe
 fail2ban                             |    |    | x | x |    |       |       |
 fangfrisch                           |    |    |   | x |    |       |       |
 files                                |    |    | x | x | x  |       |       |
-firewall                             |    |    | x | x |    |       |       |
+firewall                             | x  | x  | x | x | x  |   x   |   x   |
 freeipa_client                       |    |    | x | x | x  |       |       |
 freeipa_server                       |    |    | x | x | x  |       |       |
 github_project_createrepo            |    |    | x |   |    |       |       |
 
@@ -185,9 +185,11 @@
 
 - block:
 
-  - name: 'Make sure iptables is installed (required for fwb)'
+  - name: 'Make sure iptables and nftables are installed (required for fwb)'
     ansible.builtin.package:
-      name: 'iptables'
+      name:
+        - 'iptables'
+        - 'nftables'
       state: 'present'
 
   # You can't enable and start fwb.service at the same time - `/etc/fwb.sh start`