Merge pull request #7417 from freedomofpress/stg-iptables-mon

Ensure /etc/iptables exists before writing to it

install_files/ansible-base/roles/restrict-direct-access/tasks/iptables.yml

@@ -41,6 +41,19 @@
     admin_net_cidr: "{{ '/'.join([admin_net_info.network, admin_net_info.netmask])|ipaddr('cidr') }}"
   delegate_to: localhost
 
+- name: Check iptables-persistent was installed
+  stat:
+    path: /etc/iptables/
+  register: etc_iptables_check
+
+- name: Install iptables-persistent if needed
+  apt:
+    name: iptables-persistent
+    state: present
+    update_cache: yes
+    cache_valid_time: 3600
+  when: not etc_iptables_check.stat.exists
+
 - name: Copy IPv4 iptables rules.
   template:
     src: rules_v4