From e9d212437a34f6fcd30ace6009a6d956f5613b33 Mon Sep 17 00:00:00 2001
From: Mark Bolwell <mark.bollyuk@gmail.com>
Date: Tue, 5 Apr 2022 13:07:36 +0100
Subject: [PATCH] firewall pkgs to masked as default

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
---
 defaults/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index a0bf863..b8e3d8b 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -485,13 +485,13 @@ rhel9cis_default_zone: public
 rhel9cis_firewalld_nftables_state: masked  # Note if absent removes the firewalld pkg dependancy
 
 #### nftables
-rhel9cis_nftables_firewalld_state: absent
+rhel9cis_nftables_firewalld_state: masked
 rhel9cis_nft_tables_autonewtable: true
 rhel9cis_nft_tables_tablename: filter
 rhel9cis_nft_tables_autochaincreate: true
 
 #### iptables
-rhel9cis_iptables_firewalld_state: absent
+rhel9cis_iptables_firewalld_state: masked
 
 # Warning Banner Content (issue, issue.net, motd)
 rhel9cis_warning_banner: |