- name:
  become: true
  block:
    - name: Install package nftables
      apt:
        name: nftables

    - name: Template nftables.conf to /etc/nftables.conf
      template:
        src: nftables.conf
        dest: /etc/nftables.conf
        owner: root
        group: root
        mode: '755'
      register: nftables_template_conf_result

    - name: Restart nftables service
      service:
        name: nftables
        state: restarted
        enabled: true
      when: nftables_template_conf_result['changed']