Bug 2222761 - should have option to disable conflicting services [NEEDINFO]
Summary: should have option to disable conflicting services
Keywords:
Status: VERIFIED
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: rhel-system-roles
Version: 9.3
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: 9.3
Assignee: Rich Megginson
QA Contact: Jakub Haruda
URL:
Whiteboard: role:firewall
Depends On:
Blocks: 2222809
 
Reported: 2023-07-13 16:17 UTC by Rich Megginson
Modified: 2023-08-10 14:18 UTC (History)

Fixed In Version: rhel-system-roles-1.22.0-0.16.el9
Doc Type: Enhancement
Doc Text:
Enhancement:
- Role will now always attempt to unmask on role execution
- add variable 'firewall_disable_conflicting_services' to give the option of disabling of known conflicting services
  - Set to false by default
- Update README to document the following behavior of the system role:
  - linux-system-roles.firewall will attempt to install, unmask, and enable firewalld
  - linux-system-roles.firewall can attempt to disable directly conflicting services to firewalld - and that is enabled by setting the variable 'firewall_disable_conflicting_services' to true
- list of conflicting services present in vars/main.yml
- test cases for these changes in tests/tests_default.yml

Reason:
- role currently fails if firewalld was masked on run
- conflicting services have the potential to cause errors on role run
  - set to false by default due to runtime overhead associated with disabling conflicting services. An example of where this overhead may be a problem is our integration tests that have no need to use the feature.
- Reason for specific implementation - ansible.builtin.service module fails when run to manage services that are not installed on the system, causing errors. While ignoring errors is a potential solution, it seemed like an improper solution as it would not be able to differentiate between an installed service failing to be stopped and disabled vs a disable that failed due to not being installed.

Result:
- role no longer fails if firewalld is masked
- users have the option to disable conflicting services (iptables.service, nftables.service, ufw.service respectively)

Issue Tracker Tickets (Jira or BZ if any):
- Addresses GitHub Issues: #103, #136
Clone Of:
: 2222809 (view as bug list)
Environment:
Last Closed:
Type: ---
Target Upstream Version:
Embargoed:
rmeggins: needinfo? (djez)
rmeggins: needinfo? (vdanek)




Links
System ID Private Priority Status Summary Last Updated
Github linux-system-roles firewall pull 154 0 None open fix: unmask firewalld on run, disable conflicting services 2023-07-13 16:21:16 UTC
Red Hat Issue Tracker RHELPLAN-162310 0 None None None 2023-07-13 16:17:54 UTC

Description Rich Megginson 2023-07-13 16:17:33 UTC
When using the firewall role only the firewalld service, not nftables, should be running to avoid any conflicts. While it's trivial to disable/mask nftables in a separate task it would be nice to have the role to do the same and thus avoid any risk for issues.  See https://github.com/linux-system-roles/firewall/issues/136 and https://github.com/linux-system-roles/firewall/pull/154
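
A playbook that turns on the option described in the Doc Text and then checks the outcome, as an added example that is not part of the bug report or the role's own code. The `conflicting_services` variable and the post-run check are assumptions for illustration; the three service names are the ones listed in the Doc Text, and the check skips services that are not installed, which is the case the Doc Text calls out.

```yaml
# Added example: not taken from the role or the linked pull request.
- name: Manage firewalld and disable known conflicting services
  hosts: all
  become: true
  vars:
    # Hypothetical helper variable for the check below. The names are copied
    # from the Doc Text; the role keeps its own list in vars/main.yml.
    conflicting_services:
      - iptables.service
      - nftables.service
      - ufw.service
  roles:
    - role: linux-system-roles.firewall
      vars:
        # Defaults to false; opt in to stopping the conflicting services.
        firewall_disable_conflicting_services: true
  post_tasks:
    - name: Gather the state of all services after the role has run
      ansible.builtin.service_facts:

    - name: Check that firewalld runs and no conflicting service is active
      ansible.builtin.assert:
        that:
          - ansible_facts.services['firewalld.service'].state == 'running'
          # Keep only the listed services that exist on this host, so a
          # service that is not installed does not fail the check.
          - >-
            conflicting_services
            | select('in', ansible_facts.services)
            | map('extract', ansible_facts.services)
            | selectattr('state', 'equalto', 'running')
            | list | length == 0
        fail_msg: A service that conflicts with firewalld is still running
```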

