From f2d586c176bf941684551b5e57f435489fb7f772 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gardais=20J=C3=A9r=C3=A9my?= Date: Fri, 18 Aug 2017 09:25:28 +0200 Subject: [PATCH] =?UTF-8?q?Ensure=20to=20remove=20old=20packages=20(iptabl?= =?UTF-8?q?es,=E2=80=A6).?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 3 +++ README.md | 7 +++++-- defaults/main.yml | 3 +++ tasks/main.yml | 9 ++++++++- 4 files changed, 19 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9804b2c..461487d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,9 @@ ## v1.2 +### Features +* Ensure to remove old packages (iptables,…). + ### Fixes * Ensure to create the the directory to store the differents configuration files (/etc/nftables.d). diff --git a/README.md b/README.md index ec91d59..a9c4d60 100644 --- a/README.md +++ b/README.md @@ -7,8 +7,8 @@ 3. [Example Playbook](#example-playbook) 4. [Configuration](#configuration) 5. [Development](#development) -5. [License](#license) -6. [Author Information](#author-information) +6. [License](#license) +7. [Author Information](#author-information) ## Overview 
@@ -20,6 +20,9 @@ Highly inspired by [Mike Gleason firewall role][mikegleasonjr firewall github] ( * **nft_pkg_manage** : If `nftables` package(s) should be managed with this role [default : `true`]. * **nft_pkg_state** : State of new `nftables` package(s) [default : `installed`]. +* **nft_old_pkg_list** : The list of useless packages to remove (such as Iptables,…) [default : `iptables`]. +* **nft_old_pkg_state** : State of old package(s) [default : `absent`]. +* **nft_old_pkg_manage** : If old package(s) should be managed with this role [default : `true`]. * **nft_conf_dir_path** : Directory to store the differents Nftables configuration files [default : `/etc/nftables.d`]. * **nft_main_conf_path** : Main configuration file loaded by systemd unit [default : `/etc/nftables.conf`]. * **nft_main_conf_content** : Template used to generate the previous main configuration file [default : `etc/nftables.conf.j2`]. diff --git a/defaults/main.yml b/defaults/main.yml index 7ff64f0..c892691 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -4,6 +4,9 @@ # packages nft_pkg_manage: true nft_pkg_state: 'installed' +nft_old_pkg_list: 'iptables' +nft_old_pkg_state: 'absent' +nft_old_pkg_manage: true # files nft_conf_dir_path: '/etc/nftables.d' diff --git a/tasks/main.yml b/tasks/main.yml index ecceff0..05932df 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -9,7 +9,7 @@ - "{{ ansible_os_family|lower }}.yml" # package {{{ -- name: Manage packages +- name: INSTALL Manage nftables packages package: name: '{{ item }}' state: '{{ nft_pkg_state }}' @@ -17,6 +17,13 @@ - '{{ nft_pkg_list }}' when: nft_pkg_manage +- name: INSTALL Remove iptables packages + apt: + name: '{{ item }}' + state: '{{ nft_old_pkg_state }}' + with_items: + - '{{ nft_old_pkg_list }}' + when: nft_old_pkg_manage # }}} # conf {{{
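Review bot: `nft_old_pkg_manage: true` in the defaults/main.yml hunk makes removal of `iptables` opt-out, so every host that picks up this role version loses the package on its next run without the operator having asked for it. Depending on the target distribution, removing `iptables` may also take out packages that depend on it, which could include other firewall or ban tooling; that is an assumption about the hosts, not something visible in this patch. Rules already loaded in the kernel are not flushed by a package removal and become harder to inspect once the userland tool is gone. Consider defaulting to `nft_old_pkg_manage: false` and documenting the opt-in in the README. Since the variable is named a list and is fed to `with_items`, declaring it as `nft_old_pkg_list: ['iptables']` would match its name.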
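Review bot: The new removal task in the second tasks/main.yml hunk calls `apt:`, while the task directly above it uses the generic `package:` module and the file loads `{{ ansible_os_family|lower }}.yml`, so the role appears intended for more than Debian-family hosts. On any other family the task would fail whenever `nft_old_pkg_manage` is true, which is the default. Replacing `apt:` with `package:` keeps the two tasks consistent. The task name says "Remove iptables packages" although both the package list and the state are variables; a short comment such as `# state comes from nft_old_pkg_state (default 'absent')` would make clear that the task does whatever those variables say.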