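---
# This is an example playbook to execute Ansible tests.
# It checks that an nftables ruleset with input and output filter hooks is
# loaded, that the input chain defaults to drop, and that nftables.service
# is both active and enabled on every target host.

- name: Verify
  hosts: all
  gather_facts: false
  tasks:
    - name: list rules
      command: nft list ruleset
      register: nft
      # Read-only query; it must never be reported as a change.
      changed_when: false

    - name: debug rules
      debug:
        var: nft

    - name: check rules
      assert:
        that:
          # The whole line is:
          #   type filter hook input priority 0; policy drop;
          # CentOS prints "priority 0", while Debian prints
          # "priority filter", so the priority value is not matched literally.
          - '"type filter hook input" in nft.stdout'
          - '"type filter hook output" in nft.stdout'
          # A hook being present does not prove default-deny: a chain with
          # "policy accept" would pass the two checks above. Match the drop
          # policy from the line quoted above, allowing either priority form.
          # The expected policy of the output chain is not documented here,
          # so only the input chain is checked.
          - 'nft.stdout is search("type filter hook input priority [^;]+; policy drop")'

    # systemctl exits non-zero when the unit is not active, so this task
    # fails on its own in that case; the assert that follows states the
    # expected value explicitly.
    - name: service status - active
      command: systemctl is-active nftables.service
      register: status
      changed_when: false

    - name: check service status
      assert:
        that:
          - 'status.stdout == "active"'

    # "enabled" means the ruleset is restored at boot; without it the host
    # would come up unfiltered after a reboot even though it is active now.
    - name: service status - enabled
      command: systemctl is-enabled nftables.service
      register: status
      changed_when: false

    - name: check service status
      assert:
        that:
          - 'status.stdout == "enabled"'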