Add tests for iptables role

tests/test.yml

@@ -11,6 +11,11 @@
       - tcp dport ssh ct state new limit rate 15/minute accept comment "Accept SSH on port 22 but avoid brute force"
       - tcp dport { http, https } accept comment "Accept HTTP (ports 80, 443)"
       - tcp dport { submission, imaps } accept comment "Accept SSMTP and IMAPS"
+    iptables_output_policy: accept
+    iptables_rules:
+      - -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
+      - -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
+      - -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
     admin_user: administrator
     admin_password: the_secret_password
     admin_key_file: ~/.ssh/test/id_rsa.pub
@@ -20,10 +25,12 @@
     # - ../roles/apt_dist_upgrade
     - ../roles/common
     - ../roles/hostname
-    - ../roles/nftables
+    # - ../roles/nftables
+    - ../roles/iptables
     - ../roles/sshd
     - ../roles/fail2ban
-    - ../roles/admin
+    # - ../roles/admin
+    # - ../roles/docker
     # - {role: ../roles/snake_oil_dehydrated, become: true}
     # - {role: ../roles/mailserver}
     # - {role: ../roles/weechat}
@@ -41,7 +48,6 @@
     # - {role: ../roles/generate_ca, become: true}
     # - {role: ../roles/generate_certificate, become: true}
     # - {role: ../roles/gitea, become: true}
-    # - ../roles/docker
     # - ../roles/dokku
     # The easy ports sequece is just for test. Also don't disable strict IP
     # filtering on production.