From 9452fd4b094d41d9aacb3d9480ac4b45381d22a6 Mon Sep 17 00:00:00 2001
From: Markus Fischbacher
Date: Tue, 19 May 2020 09:13:29 +0200
Subject: [PATCH 1/4] iptables-legacy for Raspian Buster
---
 roles/raspbian/tasks/main.yml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
diff --git a/roles/raspbian/tasks/main.yml b/roles/raspbian/tasks/main.yml
index 3c51075..69800e9 100644
--- a/roles/raspbian/tasks/main.yml
+++ b/roles/raspbian/tasks/main.yml
@@ -16,8 +16,35 @@
 - ansible_facts.architecture is search("arm")
 register: boot_cmdline
+- name: Flush iptables before changing iptables-legacy
+ shell:
+ cmd: 'iptables -F'
+ register: flush_iptables
+ changed_when:
+ - flush_iptables.rc == 0 and flush_iptables.stdout != ""
+ when:
+ - ansible_facts.distribution_release is search("buster")
+
+- name: Changing to iptables-legacy for Raspbian Buster
+ alternatives:
+ path: /usr/sbin/iptables-legacy
+ name: iptables
+ register: ip6_legacy
+ when:
+ - ansible_facts.distribution_release is search("buster")
+
+- name: Changing to ip6tables-legacy for Raspbian Buster
+ alternatives:
+ path: /usr/sbin/ip6tables-legacy
+ name: ip6tables
+ register: ip4_legacy
+ when:
+ - ansible_facts.distribution_release is search("buster")
+
 - name: Rebooting on Raspbian
 reboot:
 when:
 - boot_cmdline is changed
 - ansible_facts.architecture is search("arm")
+ - ip6_legacy is changed
+ - ip4_legacy is changed
From bdd2d21dfc33590defc4a1055d4378baf247bac5 Mon Sep 17 00:00:00 2001
From: Markus Fischbacher
Date: Tue, 19 May 2020 09:22:51 +0200
Subject: [PATCH 2/4] fix ansible-lint error
---
 roles/raspbian/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/raspbian/tasks/main.yml b/roles/raspbian/tasks/main.yml
index 69800e9..86b222a 100644
--- a/roles/raspbian/tasks/main.yml
+++ b/roles/raspbian/tasks/main.yml
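Review bot: In patch 1/4 the two entries added to the `when:` list of `Rebooting on Raspbian` are ANDed with the existing ones, so the reboot now fires only if the cmdline and both alternatives changed in the same run, and on a host where the Buster tasks are skipped it can no longer fire at all. One OR-ed entry keeps the old trigger and adds the new ones, with the architecture check left as its own item: `- boot_cmdline is changed or ip6_legacy is changed or ip4_legacy is changed`. The register names are also crossed: the `iptables` alternative is stored in `ip6_legacy` and the `ip6tables` one in `ip4_legacy`, which will mislead whoever edits this condition next. The reboot task begins in context lines and its end is not visible in the hunk.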
@@ -21,7 +21,7 @@
 cmd: 'iptables -F'
 register: flush_iptables
 changed_when:
- - flush_iptables.rc == 0 and flush_iptables.stdout != ""
+ - flush_iptables.rc == 0 and flush_iptables.stdout_lines.count == 0
 when:
 - ansible_facts.distribution_release is search("buster")
From 02e9b3607d57df57e5cc0b801346921e02fd65bd Mon Sep 17 00:00:00 2001
From: Markus Fischbacher
Date: Tue, 19 May 2020 09:36:53 +0200
Subject: [PATCH 3/4] change to native ansible iptables flush
---
 roles/raspbian/tasks/main.yml | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/roles/raspbian/tasks/main.yml b/roles/raspbian/tasks/main.yml
index 86b222a..05909fa 100644
--- a/roles/raspbian/tasks/main.yml
+++ b/roles/raspbian/tasks/main.yml
@@ -17,11 +17,8 @@
 register: boot_cmdline
 - name: Flush iptables before changing iptables-legacy
- shell:
- cmd: 'iptables -F'
- register: flush_iptables
- changed_when:
- - flush_iptables.rc == 0 and flush_iptables.stdout_lines.count == 0
+ iptables:
+ flush: true
 when:
 - ansible_facts.distribution_release is search("buster")
From 5d92b0ac41ec56b370301fd2fb6d6cccee98e020 Mon Sep 17 00:00:00 2001
From: Markus Fischbacher
Date: Tue, 19 May 2020 17:15:40 +0200
Subject: [PATCH 4/4] make sure its Raspbian Buster
---
 roles/raspbian/tasks/main.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/roles/raspbian/tasks/main.yml b/roles/raspbian/tasks/main.yml
index 05909fa..9fcd127 100644
--- a/roles/raspbian/tasks/main.yml
+++ b/roles/raspbian/tasks/main.yml
@@ -20,7 +20,7 @@
 iptables:
 flush: true
 when:
- - ansible_facts.distribution_release is search("buster")
+ - ansible_facts.lsb.description is match("[Rr]aspbian.*[Bb]uster")
 - name: Changing to iptables-legacy for Raspbian Buster
 alternatives:
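Review bot: In patch 2/4 the rewritten `changed_when` compares `flush_iptables.stdout_lines.count` with 0, but `stdout_lines` is a list and `.count` presumably resolves to the list's method rather than its length, so the test can never be true and the task never reports a change. If the intent is still "changed when the flush printed something", `flush_iptables.stdout_lines | length > 0` says that. As written the new expression also inverts the sense of the `stdout != ""` check it replaces.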
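Review bot: The `iptables:` / `flush: true` task in patch 3/4 has no guard beyond the release check, so every play run on a matching host empties all chains of the IPv4 `filter` table, including firewall rules that were placed there deliberately, even when the alternatives already point at the legacy binaries. Chain policies are not reset by a flush, so a host with a restrictive default policy may lose its allow rules mid-play, while a host with an accepting policy is left unfiltered. The `nat` table and the IPv6 rules are not touched, so if a clean slate is really required the task needs explicit `table:` and `ip_version:` variants. At minimum add a comment above the task, such as `# Flushes the IPv4 filter table on every run; existing firewall rules are discarded`, and consider running it only when the alternative is not yet set to legacy.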
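Review bot: The condition introduced in patch 4/4 dereferences `ansible_facts.lsb.description`, which exists only when LSB facts were collected; on a host without them the `when:` would likely fail with an undefined-attribute error rather than skip the task. A default keeps it a clean skip: `- ansible_facts.lsb.description | default("") is match("[Rr]aspbian.*[Bb]uster")`. The same line is repeated in the hunks at -28,7 and -36,7 and needs the same change there. All three tasks begin or end outside their hunks.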
@@ -28,7 +28,7 @@
 name: iptables
 register: ip6_legacy
 when:
- - ansible_facts.distribution_release is search("buster")
+ - ansible_facts.lsb.description is match("[Rr]aspbian.*[Bb]uster")
 - name: Changing to ip6tables-legacy for Raspbian Buster
 alternatives:
@@ -36,7 +36,7 @@
 name: ip6tables
 register: ip4_legacy
 when:
- - ansible_facts.distribution_release is search("buster")
+ - ansible_facts.lsb.description is match("[Rr]aspbian.*[Bb]uster")
 - name: Rebooting on Raspbian
 reboot: