get rid of deprecated code.

group_vars/all/main.yml

@@ -745,7 +745,6 @@ apt_initial_install_trixie:
   - patchutils
   - perl
   - perl-doc
-  - perl-modules
   - psmisc
   - quota
   - quotatool

hosts

@@ -2,13 +2,24 @@ formbricks-nd.oopen.de
 #[so36_server_dehydrated]
 #comm.so36.net ansible_user=ckubu
 #noc.so36.net ansible_user=ckubu
-rage.so36.net ansible_user=ckubu
 #rubyhost.so36.net ansible_user=ckubu
 #sympa.so36.net ansible_user=ckubu
 #schleuder3.so36.net ansible_user=ckubu
 #site36.net ansible_user=ckubu
 #web.so36.net ansible_user=ckubu
 [so36_server]
+backup.so36.net ansible_user=ckubu
+comm.so36.net ansible_user=ckubu
+devnull.so36.net ansible_user=ckubu
+ns.so36net.de ansible_user=ckubu
+rage.so36.net ansible_user=ckubu
+resolver-b.so36.net ansible_user=ckubu
+resolver-a.so36.net ansible_user=ckubu
+schleuder3.so36.net ansible_user=ckubu
+shell.so36.net ansible_user=ckubu
+site36.net ansible_user=ckubu
+sympa.so36.net ansible_user=ckubu
+web.so36.net ansible_user=ckubu
 
 #kvm05.so36.net ansible_ssh_user=ckubu ansible_ssh_port=1036
 #kvm13.so36.net ansible_ssh_user=ckubu ansible_ssh_port=1036
@@ -19,14 +30,12 @@ lxc-host-kb.anw-kb.netz
 o13-git.oopen.de
 o13-staging-board.oopen.de
 o25.oopen.de
-o33.oopen.de
 o41.oopen.de
 dc-opp.oopen.de
 discourse.oopen.de
 test-nd.oopen.de
 formbricks-nd.oopen.de
-
-ga-st-mm.ga.netz
+cl-lubax.oopen.de
 
 [dns_sinma]
 
@@ -55,6 +64,7 @@ gw-irights.oopen.de
 gw-km.oopen.de
 gw-mbr.oopen.de
 gw-opp.oopen.de
+gw-opp-neu.opp.netz
 gw-spr.oopen.de
 gw-kb.oopen.de
 
@@ -86,7 +96,6 @@ ga-gh-gw.oopen.de
 gw-campus.oopen.de
 ga-st-lxc1.ga.netz
 ga-st-mail.ga.netz
-ga-st-mm.ga.netz
 ga-al-relay.ga.netz
 ga-st-kvm1.ga.netz
 ga-al-kvm2.ga.netz
@@ -218,7 +227,6 @@ web.cadus.org
 cl-lubax.oopen.de
 
 # BigBlueButton - O.OPEN
-o33.oopen.de
 
 # Nextcloud / DokuWiki VBER
 o34.oopen.de
@@ -398,7 +406,6 @@ mm-migration.oopen.de
 o24.oopen.de
 cl-irights.oopen.de
 cl-irights-neu.oopen.de
-ga-st-mm.ga.netz
 
 # IL - PAD
 o25.oopen.de
@@ -432,7 +439,6 @@ web.cadus.org
 cl-lubax.oopen.de
 
 # BigBlueButton - O.OPEN
-o33.oopen.de
 
 # Nextcloud / DokuWiki VBER
 o34.oopen.de
@@ -569,6 +575,7 @@ gw-mbr.oopen.de
 
 # OPP
 gw-opp.oopen.de
+gw-opp-neu.opp.netz
 zapata.opp.netz
 
 # Sprachenatelier
@@ -588,7 +595,6 @@ gw-campus.oopen.de
 
 ga-st-lxc1.ga.netz
 ga-st-mail.ga.netz
-ga-st-mm.ga.netz
 ga-al-relay.ga.netz
 ga-st-services.ga.netz
 ga-al-ws1.ga.netz
@@ -877,7 +883,6 @@ mm-migration.oopen.de
 
 # o24.oopen.de
 mm-irights.oopen.de
-ga-st-mm.ga.netz
 
 # Hetzner Cloud CX31 - AK
 
@@ -918,7 +923,6 @@ web-nd.oopen.de
 
 # GA - Gemeinschaft Altensclirf
 ga-st-services.ga.netz
-ga-st-mm.ga.netz
 
 # ---
 # Warenform server
@@ -1012,7 +1016,6 @@ mm-migration.oopen.de
 
 # o24.oopen.de
 mm-irights.oopen.de
-ga-st-mm.ga.netz
 
 # o27.oopen.de
 mail.faire-mobilitaet.de
@@ -1037,7 +1040,6 @@ g.mx.oopen.de
 
 # - GA - Gemeinschaft Altensclirf
 ga-st-mail.ga.netz
-ga-st-mm.ga.netz
 ga-al-relay.ga.netz
 
 # ---
@@ -1074,7 +1076,7 @@ stolpersteine.oopen.de
 
 # o13.oopen.de
 o13-staging-board.oopen.de
-o13-mail.oopen.de
+#o13-mail.oopen.de
 o13-web.oopen.de
 
 # Freiheit für daniela
@@ -1110,7 +1112,6 @@ mm-migration.oopen.de
 cl-irights.oopen.de
 cl-irights-neu.oopen.de
 mm-irights.oopen.de
-ga-st-mm.ga.netz
 
 # Hetzner Cloud CX31 - AK
 
@@ -1603,7 +1604,6 @@ mm-migration.oopen.de
 cl-irights.oopen.de
 cl-irights-neu.oopen.de
 mm-irights.oopen.de
-ga-st-mm.ga.netz
 
 # - o27.oopen.de
 cl-fm.oopen.de
@@ -1619,7 +1619,6 @@ meet.akweb.de
 cloud.akweb.de
 
 # BigBlueButton - O.OPEN
-o33.oopen.de
 
 # Nextcloud / DokuWiki VBER
 o34.oopen.de
@@ -1686,7 +1685,6 @@ zapata.opp.netz
 
 # - GA - Gemeinschaft Altensclirf
 ga-st-mail.ga.netz
-ga-st-mm.ga.netz
 ga-al-relay.ga.netz
 ga-st-services.ga.netz
 
@@ -1844,7 +1842,6 @@ web.cadus.org
 cl-lubax.oopen.de
 
 # BigBlueButton - O.OPEN
-o33.oopen.de
 
 # Nextcloud / DokuWiki VBER
 o34.oopen.de
@@ -1903,7 +1900,6 @@ web-nd.oopen.de
 test-nd.oopen.de
 
 # Gemeinchaft Altenschlirf
-ga-st-mm.ga.netz
 
 
 lxc-host-kb.anw-kb.netz
@@ -1955,6 +1951,7 @@ gw-irights.oopen.de
 gw-km.oopen.de
 gw-mbr.oopen.de
 gw-opp.oopen.de
+gw-opp-neu.opp.netz
 gw-spr.oopen.de
 
 gw-kb.oopen.de

modify-ipt-server.yml

@@ -4,5 +4,6 @@
 - hosts:
     - oopen_server
     - warenform_server
+    - so36_server
   roles:
     - modify-ipt-server

roles/common/tasks/apt.yml

@@ -167,7 +167,7 @@
   apt:
     name: "{{ microcode_package }}"
     state: present
-    default_release: "{{ ansible_distribution_release }}-backports"
+    default_release: "{{ ansible_facts['distribution_release'] }}-backports"
   when:
     - ansible_facts['distribution'] == "Debian"
     - ansible_facts['distribution_major_version'] == "9"
@@ -181,7 +181,7 @@
   apt:
     name: "{{ microcode_package }}"
     state: present
-    default_release: "{{ ansible_distribution_release }}"
+    default_release: "{{ ansible_facts['distribution_release'] }}"
   when:
     - ansible_facts['distribution'] == "Debian"
     - ansible_facts['distribution_major_version'] == "10" or ansible_facts['distribution_major_version'] == "11"  or ansible_facts['distribution_major_version'] == "12" or ansible_facts['distribution_major_version'] == "13"
@@ -195,7 +195,7 @@
   apt:
     name: "{{ microcode_package }}"
     state: present
-    default_release: "{{ ansible_distribution_release }}"
+    default_release: "{{ ansible_facts['distribution_release'] }}"
   when:
     - ansible_facts['distribution'] == "Ubuntu"
     - ansible_facts['distribution_release'] == "bionic"
@@ -209,7 +209,7 @@
   apt:
     name: "{{ microcode_package }}"
     state: present
-    default_release: "{{ ansible_distribution_release }}"
+    default_release: "{{ ansible_facts['distribution_release'] }}"
   when:
     - ansible_facts['distribution'] == "Ubuntu"
     - ansible_facts['distribution_release'] == "xenial"
@@ -223,7 +223,7 @@
   apt:
     name: "{{ microcode_package }}"
     state: present
-    default_release: "{{ ansible_distribution_release }}"
+    default_release: "{{ ansible_facts['distribution_release'] }}"
   when:
     - ansible_facts['distribution'] == "Ubuntu"
     - ansible_facts['distribution_release'] == "jammy"

roles/common/tasks/main.yml

@@ -51,8 +51,8 @@
 #    yum-initial-install
 - import_tasks: yum.yml
   when:
-    - ansible_os_family == "RedHat"
-    - ansible_distribution == "CentOS" or ansible_distribution == "Fedora"
+    - ansible_facts.os_family == "RedHat"
+    - ansible_facts.distribution == "CentOS" or ansible_facts.distribution == "Fedora"
   tags: yum
 
 
@@ -293,14 +293,14 @@
 
 - import_tasks: systemd-services_debian_based_OS.yml
   when:
-    - ansible_os_family == "Debian"
+    - ansible_facts.os_family == "Debian"
   tags:
     - services
 
 
 - import_tasks: systemd-services_redhat_based_OS.yml
   when:
-    - ansible_os_family == "RedHat"
+    - ansible_facts.os_family == "RedHat"
   tags:
     - services
 

roles/common/tasks/nfs.yml

@@ -11,7 +11,7 @@
       - nfs-kernel-server
     state: present
   when:
-    - ansible_os_family == "Debian"
+    - ansible_facts['os_family'] == "Debian"
     - "groups['nfs_server']|string is search(inventory_hostname)"
   tags:
     - nfs-server
@@ -132,7 +132,7 @@
     pkg: nfs-common
     state: present
   when: 
-    - ansible_os_family == "Debian"
+    - ansible_facts['os_family'] == "Debian"
     - "groups['nfs_client']|string is search(inventory_hostname)"
   tags:
     - nfs-client

roles/common/tasks/ntp.yml

@@ -10,7 +10,7 @@
       - ntpsec
     state: present
   when:
-    - ansible_os_family == "Debian"
+    - ansible_facts.os_family == "Debian"
   tags:
     - ntp-server
 
@@ -19,7 +19,7 @@
     path: /etc/ntpsec/ntp.conf.ORIG
   register: etc_ntpsec_conf_ORIG
   when:
-    - ansible_distribution == "Debian"
+    - ansible_facts.distribution == "Debian"
   tags:
     - ntp-server
 
@@ -32,7 +32,7 @@
     group: ntpsec
     mode: '0755'
   when:
-    - ansible_distribution == "Debian"
+    - ansible_facts.distribution == "Debian"
 
 
 - name: (ntp.yml) Backup installation version of file '/etc/ntpsec/ntp.conf'

roles/common/tasks/redis-server.yml

@@ -80,8 +80,8 @@
     - "'www-data' in my_users"
     - "'redis' in my_groups"
   vars:
-     my_users: "{{ getent_passwd.keys()|list }}"
-     my_groups: "{{ getent_group.keys()|list }}"
+     my_users: "{{ ansible_facts.getent_passwd.keys()|list }}"
+     my_groups: "{{ ansible_facts.getent_group.keys()|list }}"
   tags:
     - redis-server
 
@@ -94,8 +94,8 @@
     - "'webadmin' in my_users"
     - "'redis' in my_groups"
   vars:
-     my_users: "{{ getent_passwd.keys()|list }}"
-     my_groups: "{{ getent_group.keys()|list }}"
+     my_users: "{{ ansible_facts.getent_passwd.keys()|list }}"
+     my_groups: "{{ ansible_facts.getent_group.keys()|list }}"
   tags:
     - redis-server
 

roles/common/tasks/samba-user.yml

@@ -42,7 +42,8 @@
   loop_control:
     label: '{{ item.name }}'
   when:
-    - item.name not in getent_passwd
+    - ansible_facts.getent_passwd is defined
+    - item.name not in ansible_facts.getent_passwd
   tags:
     - samba-server
     - samba-user

roles/common/tasks/show.yml

@@ -2,6 +2,6 @@
 
 - name: Show hostname
   debug:
-    msg: "Host: {{ ansible_fqdn | split('.') | first }} FQDN: {{ ansible_fqdn.split('.')[0] }}.{{ ansible_fqdn.split('.')[1] | default('NONE')   }}.{{ ansible_fqdn.split('.')[2] | default('NONE')  }}"
-#    msg: "Host: {{ ansible_fqdn | split('.') | first }} FQDN: {{ ansible_fqdn.split('.')[0] | join( '.') }} | {{ join ( ansible_fqdn.split('.')[1] ) }}"
+    msg: "Host: {{ ansible_facts.fqdn | split('.') | first }} FQDN: {{ ansible_facts.fqdn.split('.')[0] }}.{{ ansible_facts.fqdn.split('.')[1] | default('NONE')   }}.{{ ansible_facts.fqdn.split('.')[2] | default('NONE')  }}"
+#    msg: "Host: {{ ansible_facts.fqdn | split('.') | first }} FQDN: {{ ansible_facts.fqdn.split('.')[0] | join( '.') }} | {{ join ( ansible_facts.fqdn.split('.')[1] ) }}"
 

roles/common/tasks/systemd-services_redhat_based_OS.yml

@@ -8,7 +8,7 @@
   with_items: 
     - "{{ redhat_services_active_and_started }}"
   when: 
-    - ansible_os_family == "RedHat"
+    - ansible_facts.os_family == "RedHat"
 
 #- debug: msg="{{ service_exists.results }}"
 
@@ -23,7 +23,7 @@
     label: '{{ item.item }}'
   when: 
     - item.rc == 0 
-    - ansible_os_family == "RedHat"
+    - ansible_facts.os_family == "RedHat"
 
 #- debug: msg="{{ service_is_enabled.results }}"
 

roles/common/tasks/tor.yml

@@ -6,7 +6,7 @@
       - tor
     state: present
   when:
-    - ansible_os_family == "Debian"
+    - ansible_facts.os_family == "Debian"
   tags:
     - tor-service
 

roles/common/tasks/yum.yml

@@ -7,8 +7,8 @@
     update_cache: yes
     #cache_valid_time: 3600
   when:
-    - ansible_os_family == "RedHat"
-    - ansible_distribution == "CentOS" or ansible_distribution == "Fedora"
+    - ansible_facts.os_family == "RedHat"
+    - ansible_facts.distribution == "CentOS" or ansible_facts.distribution == "Fedora"
   tags:
     - yum-update
 
@@ -18,8 +18,8 @@
     name: epel-release
     state: latest
   when:
-    - ansible_os_family == "RedHat"
-    - ansible_distribution == "CentOS"
+    - ansible_facts.os_family == "RedHat"
+    - ansible_facts.distribution == "CentOS"
 
 
 # Its more eficient to in
@@ -28,9 +28,9 @@
     name: "{{ yum_base_install_centos_7 }}"
     state: "{{ yum_install_state }}"
   when:
-    - ansible_os_family == "RedHat"
-    - ansible_distribution == "CentOS"
-    - ansible_distribution_major_version == "7"
+    - ansible_facts.os_family == "RedHat"
+    - ansible_facts.distribution == "CentOS"
+    - ansible_facts.distribution_major_version == "7"
   tags:
     - yum-base-install
 
@@ -39,9 +39,9 @@
     name: "{{ yum_initial_install_centos_7 }}"
     state: "{{ yum_install_state }}"
   when:
-    - ansible_os_family == "RedHat"
-    - ansible_distribution == "CentOS"
-    - ansible_distribution_major_version == "7"
+    - ansible_facts.os_family == "RedHat"
+    - ansible_facts.distribution == "CentOS"
+    - ansible_facts.distribution_major_version == "7"
   tags:
     - yum-initial-install
 
@@ -52,9 +52,9 @@
     name: "{{ yum_base_install_fedora_38 }}"
     state: "{{ yum_install_state }}"
   when:
-    - ansible_os_family == "RedHat"
-    - ansible_distribution == "Fedora"
-    - ansible_distribution_major_version == "38"
+    - ansible_facts.os_family == "RedHat"
+    - ansible_facts.distribution == "Fedora"
+    - ansible_facts.distribution_major_version == "38"
   tags:
     - yum-base-install
 
@@ -63,9 +63,9 @@
     name: "{{ yum_initial_install_fedora_38 }}"
     state: "{{ yum_install_state }}"
   when:
-    - ansible_os_family == "RedHat"
-    - ansible_distribution == "Fedora"
-    - ansible_distribution_major_version == "38"
+    - ansible_facts.os_family == "RedHat"
+    - ansible_facts.distribution == "Fedora"
+    - ansible_facts.distribution_major_version == "38"
   tags:
     - yum-initial-install
 
@@ -75,8 +75,8 @@
     name: "{{ yum_lxc_host_pkgs_centos }}"
     state: "{{ yum_install_state }}"
   when:
-    - ansible_os_family == "RedHat"
-    - ansible_distribution == "CentOS"
+    - ansible_facts.os_family == "RedHat"
+    - ansible_facts.distribution == "CentOS"
     - groups['lxc_host']|string is search(inventory_hostname)
   tags:
     - yum-lxc-hosts-pkgs
@@ -86,8 +86,8 @@
     name: "{{ yum_lxc_host_pkgs_fedora }}"
     state: "{{ yum_install_state }}"
   when:
-    - ansible_os_family == "RedHat"
-    - ansible_distribution == "Fedora"
+    - ansible_facts.os_family == "RedHat"
+    - ansible_facts.distribution == "Fedora"
     - groups['lxc_host']|string is search(inventory_hostname)
   tags:
     - yum-lxc-hosts-pkgs
@@ -98,8 +98,8 @@
     name: "{{ yum_postgresql_pkgs_centos }}"
     state: "{{ yum_install_state }}"
   when:
-    - ansible_os_family == "RedHat"
-    - ansible_distribution == "CentOS"
+    - ansible_facts.os_family == "RedHat"
+    - ansible_facts.distribution == "CentOS"
     - install_postgresql_pkgs|bool
   tags:
     - apt-postgresql-server-pkgs
@@ -109,8 +109,8 @@
     name: "{{ yum_postgresql_pkgs_fedora }}"
     state: "{{ yum_install_state }}"
   when:
-    - ansible_os_family == "RedHat"
-    - ansible_distribution == "Fedora"
+    - ansible_facts.os_family == "RedHat"
+    - ansible_facts.distribution == "Fedora"
     - install_postgresql_pkgs|bool
   tags:
     - apt-postgresql-server-pkgs
@@ -121,8 +121,8 @@
     name: "{{ yum_compiler_pkgs_centos }}"
     state: "{{ yum_install_state }}"
   when:
-    - ansible_os_family == "RedHat"
-    - ansible_distribution == "CentOS"
+    - ansible_facts.os_family == "RedHat"
+    - ansible_facts.distribution == "CentOS"
     - install_compiler_pkgs|bool
   tags:
     - yum-compiler-pkgs
@@ -132,8 +132,8 @@
     name: "{{ yum_compiler_pkgs_fedora }}"
     state: "{{ yum_install_state }}"
   when:
-    - ansible_os_family == "RedHat"
-    - ansible_distribution == "Fedora"
+    - ansible_facts.os_family == "RedHat"
+    - ansible_facts.distribution == "Fedora"
     - install_compiler_pkgs|bool
   tags:
     - yum-compiler-pkgs
@@ -143,8 +143,8 @@
     name: "{{ yum_webserver_pkgs_centos }}"
     state: "{{ yum_install_state }}"
   when: 
-    - ansible_os_family == "RedHat"
-    - ansible_distribution == "CentOS"
+    - ansible_facts.os_family == "RedHat"
+    - ansible_facts.distribution == "CentOS"
     - install_webserver_pkgs|bool
   tags:
     - yum-webserver-pkgs
@@ -154,8 +154,8 @@
     name: "{{ yum_webserver_pkgs_fedora }}"
     state: "{{ yum_install_state }}"
   when: 
-    - ansible_os_family == "RedHat"
-    - ansible_distribution == "Fedora"
+    - ansible_facts.os_family == "RedHat"
+    - ansible_facts.distribution == "Fedora"
     - install_webserver_pkgs|bool
   tags:
     - yum-webserver-pkgs

roles/common/templates/etc/sudoers.d/50-user.j2

@@ -41,7 +41,7 @@ back {{ item }}
 {% endfor -%}
 
 
-{%- if ansible_virtualization_role == 'host' %}
+{%- if ansible_facts['virtualization_role'] == 'host' %}
 
 {% for item in sudoers_file_user_back_disk_privileges | default([]) %}
 back {{ item }}
@@ -49,7 +49,7 @@ back {{ item }}
 {% endif -%}
 
 
-{%- if groups['webadmin']|string is search(inventory_hostname) %}
+{%- if inventory_hostname in (groups["webadmin"] | default([])) %}
 
 {% for item in sudoers_file_user_webadmin_disk_privileges | default([]) %}
 webadmin {{ item }}
@@ -57,7 +57,7 @@ webadmin {{ item }}
 {% endif -%}
 
 
-{%- if groups['postgresql_server']|string is search(inventory_hostname) %}
+{%- if inventory_hostname in (groups["postgresql_server"] | default([])) %}
 
 {% for item in sudoers_file_user_back_postgres_privileges | default([]) %}
 back {{ item }}
@@ -66,7 +66,7 @@ back {{ item }}
 
 
 {# dns server #}
-{%- if groups['dns_server']|string is search(inventory_hostname) %}
+{%- if inventory_hostname in (groups["dns_server"] | default([])) %}
 
 {% for item in sudoers_file_dns_server_privileges | default([]) %}
 {{ item.name }} {{ item.entry }}
@@ -75,7 +75,7 @@ back {{ item }}
 
 
 {# postfixadmin rules #}
-{%- if groups['mail_server']|string is search(inventory_hostname) %}
+{%- if inventory_hostname in (groups["mail_server"] | default([])) %}
 
 {% for item in sudoers_file_postfixadmin_privileges | default([]) %}
 {{ item.name }} {{ item.entry }}

roles/modify-ipt-server/tasks/ipt-server.yml

@@ -172,8 +172,8 @@
   when:
     - main_ipv4_exists.stat.exists
     - drop_mndp_ipv4_present is changed
-  notify:
-    - Restart IPv4 Firewall
+#  notify:
+#    - Restart IPv4 Firewall
 
 
 - name: Check if String 'drop_mndp=..' is present
@@ -246,8 +246,69 @@
   when:
     - main_ipv6_exists.stat.exists
     - drop_mndp_ipv6_present is changed
-  notify:
-    - Restart IPv6 Firewall
+#  notify:
+#    - Restart IPv6 Firewall
+
+# ---
+# Fix section  Limit Connections - add limit_new_tcp_connections_per_seconds_ports
+# ---
+
+- name: Check if String 'limit_new_tcp_connections_per_seconds_ports=..' is present
+  shell: grep -q -E "^limit_new_tcp_connections_per_seconds_ports=" /etc/ipt-firewall/main_ipv4.conf
+  register: drop_limit_new_tcp_connections_per_seconds_ports_present
+  when: main_ipv4_exists.stat.exists
+  failed_when: "drop_limit_new_tcp_connections_per_seconds_ports_present.rc > 1"
+  changed_when: "drop_limit_new_tcp_connections_per_seconds_ports_present.rc > 0"
+
+- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (limit_new_tcp_connections_per_seconds_ports)
+  blockinfile:
+    path: /etc/ipt-firewall/main_ipv4.conf
+    insertafter: '^#?\s*limit_new_tcp_connections_per_seconds_per_source_IP'
+    block: |
+      # - limit_new_tcp_connections_per_seconds_ports
+      # -
+      # - comma separated list of ports
+      # -
+      # - Example:
+      # -   limit_new_tcp_connections_per_seconds_ports="80,443"
+      # -   limit_new_tcp_connections_per_seconds_ports="80,110,143,443,465,995"
+      #
+      limit_new_tcp_connections_per_seconds_ports=""
+    marker: "# Marker set by modify-ipt-server.yml (limit_new_tcp_connections_per_seconds_ports)"
+  when:
+    - main_ipv4_exists.stat.exists
+    - drop_limit_new_tcp_connections_per_seconds_ports_present is changed
+#  notify:
+#    - Restart IPv4 Firewall
+
+
+- name: Check if String 'limit_new_tcp_connections_per_seconds_ports=..' is present
+  shell: grep -q -E "^limit_new_tcp_connections_per_seconds_ports=" /etc/ipt-firewall/main_ipv6.conf
+  register: drop_limit_new_tcp_connections_per_seconds_ports_present
+  when: main_ipv6_exists.stat.exists
+  failed_when: "drop_limit_new_tcp_connections_per_seconds_ports_present.rc > 1"
+  changed_when: "drop_limit_new_tcp_connections_per_seconds_ports_present.rc > 0"
+
+- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (limit_new_tcp_connections_per_seconds_ports)
+  blockinfile:
+    path: /etc/ipt-firewall/main_ipv6.conf
+    insertafter: '^#?\s*limit_new_tcp_connections_per_seconds_per_source_IP'
+    block: |
+      # - limit_new_tcp_connections_per_seconds_ports
+      # -
+      # - comma separated list of ports
+      # -
+      # - Example:
+      # -   limit_new_tcp_connections_per_seconds_ports="80,443"
+      # -   limit_new_tcp_connections_per_seconds_ports="80,110,143,443,465,995"
+      #
+      limit_new_tcp_connections_per_seconds_ports=""
+    marker: "# Marker set by modify-ipt-server.yml (limit_new_tcp_connections_per_seconds_ports)"
+  when:
+    - main_ipv6_exists.stat.exists
+    - drop_limit_new_tcp_connections_per_seconds_ports_present is changed
+#  notify:
+#    - Restart IPv6 Firewall
 
 
 # ===
@@ -318,8 +379,8 @@
   when:
     - main_ipv4_exists.stat.exists
     - per_ip_connection_limit_settings_ipv4_present is changed
-  notify:
-    - Restart IPv4 Firewall
+#  notify:
+#    - Restart IPv4 Firewall
 
 
 - name: Check if String 'per_IP_connection_limit=..' is present
@@ -337,8 +398,8 @@
   when:
     - main_ipv6_exists.stat.exists
     - per_ip_connection_limit_settings_ipv6_present is changed
-  notify:
-    - Restart IPv6 Firewall
+#  notify:
+#    - Restart IPv6 Firewall
 
 
 
@@ -363,7 +424,7 @@
      - load_modules_ipv6.conf
      - logging_ipv4.conf
      - logging_ipv6.conf
-     - post_decalrations.conf
+     - post_declarations.conf
   register: diff_script_output
 
 - name: Ensure configuration files are latest
@@ -375,13 +436,13 @@
      - load_modules_ipv6.conf
      - logging_ipv4.conf
      - logging_ipv6.conf
-     - post_decalrations.conf
+     - post_declarations.conf
   when:
     - git_firewall_repository is defined and git_firewall_repository|length > 0
     - diff_script_output.changed
-  notify:
-    - Restart IPv4 Firewall
-    - Restart IPv6 Firewall
+#  notify:
+#    - Restart IPv4 Firewall
+#    - Restart IPv6 Firewall
 
 
 
@@ -412,9 +473,9 @@
   when:
     - git_firewall_repository is defined and git_firewall_repository|length > 0
     - diff_script_output.changed
-  notify:
-    - Restart IPv4 Firewall
-    - Restart IPv6 Firewall
+#  notify:
+#    - Restart IPv4 Firewall
+#    - Restart IPv6 Firewall
 
 
 
@@ -432,3 +493,8 @@
     state: absent
     path: /etc/ipt-firewall/ports.conf
 
+- name: Delete file '/etc/ipt-firewall/ports.conf' ..
+  file:
+    state: absent
+    path: /etc/ipt-firewall/post_decalrations.conf
+