nft role + disable iptables when nft enabled

roles/nft/defaults/main.yaml

@@ -0,0 +1,33 @@
+---
+
+nft: false  # totdat alles om is
+nft_main_config:            "/etc/nftables.conf"
+
+# Default policies per chain ( drop / reject / accept )
+nft_policy_input:           "drop"
+nft_policy_forward:         "accept"
+nft_policy_output:          "accept"
+# Same for nat traffic
+nft_policy_prerouting:  "accept"
+nft_policy_postrouting: "accept"
+
+# Host/Port allows
+nft_group_rules: []
+
+# And per host/group additions to rules:
+group_nft_input: []
+group_nft_forward: []
+group_nft_output: []
+
+host_nft_input: []
+host_nft_forward: []
+host_nft_output: []
+
+group_nft_postrouting: []
+host_nft_postrouting: []
+group_nft_prerouting: []
+host_nft_prerouting: []
+
+nft_defines: []
+nft_defines_group: []
+