From 51a1f0862427c7e03880088cc2d6513b692ddd3f Mon Sep 17 00:00:00 2001
From: Sassan torabkheslat
Date: Thu, 25 Sep 2025 05:14:15 +0200
Subject: [PATCH] reset: set v4/v6 default policies to ACCEPT and drop user chains (#12552)

---
 roles/reset/tasks/main.yml | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml
index 52047b321..c66ff2a97 100644
--- a/roles/reset/tasks/main.yml
+++ b/roles/reset/tasks/main.yml
@@ -188,6 +188,18 @@
 tags:
 - mounts
 
+- name: Set IPv4 iptables default policies to ACCEPT
+ iptables:
+ chain: "{{ item }}"
+ policy: ACCEPT
+ with_items:
+ - INPUT
+ - FORWARD
+ - OUTPUT
+ when: flush_iptables | bool and ipv4_stack
+ tags:
+ - iptables
+
 - name: Flush iptables
 iptables:
 table: "{{ item }}"
@@ -201,6 +213,25 @@
 tags:
 - iptables
 
+- name: Delete IPv4 user-defined chains # noqa command-instead-of-module
+ command: iptables -X
+ when: flush_iptables | bool and ipv4_stack
+ tags:
+ - iptables
+
+- name: Set IPv6 ip6tables default policies to ACCEPT
+ iptables:
+ chain: "{{ item }}"
+ policy: ACCEPT
+ ip_version: ipv6
+ with_items:
+ - INPUT
+ - FORWARD
+ - OUTPUT
+ when: flush_iptables | bool and ipv6_stack
+ tags:
+ - ip6tables
+
 - name: Flush ip6tables
 iptables:
 table: "{{ item }}"
@@ -215,6 +246,12 @@
 tags:
 - ip6tables
 
+- name: Delete IPv6 user-defined chains # noqa command-instead-of-module
+ command: ip6tables -X
+ when: flush_iptables | bool and ipv6_stack
+ tags:
+ - ip6tables
+
 - name: Clear IPVS virtual server table
 command: "ipvsadm -C"
 ignore_errors: true # noqa ignore-errors
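Review bot: The placement of "Set IPv4 iptables default policies to ACCEPT" directly before "Flush iptables" is the point of the task, and nothing in the hunk records why, so a later reorder would silently break it; add a comment above the task such as `# Must run before the flush: with a DROP default policy, flushing the accept rules would cut off every connection to the node, including the one running this play` (presumably that is the motivation — confirm and adjust the wording). The same comment belongs on the IPv6 variant in the next hunk. It is also worth stating, in the task name or a comment, the end state this leaves: built-in chains at ACCEPT with no rules, so any host-level firewall the operator depends on has to reapply its ruleset after the reset.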
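Review bot: `iptables -X` with no `-t` operates on the filter table only, so user-defined chains in the nat, mangle or raw tables (where a Kubernetes service proxy typically keeps its chains) survive the reset even though the preceding "Flush iptables" task iterates over a table list. The delete should iterate the same tables: `command: "iptables -t {{ item }} -X"` with the `with_items` list the flush task already uses (that list starts outside this hunk). The same applies to `ip6tables -X` in the last hunk. Since `-X` without a chain argument can only remove chains that are empty and unreferenced, this task also depends on every table having been flushed first; a one-line comment noting that ordering dependency would keep the tasks from being separated.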