From 32c409cb48469951bf42045bc5c8889720d27dcd Mon Sep 17 00:00:00 2001
From: Mark Bolwell <mark.bollyuk@gmail.com>
Date: Tue, 5 Apr 2022 10:08:21 +0100
Subject: [PATCH] reorder 3.4.1.2

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
---
 tasks/section_3/cis_3.4.1.x.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/tasks/section_3/cis_3.4.1.x.yml b/tasks/section_3/cis_3.4.1.x.yml
index bb5cf97..b7b5033 100644
--- a/tasks/section_3/cis_3.4.1.x.yml
+++ b/tasks/section_3/cis_3.4.1.x.yml
@@ -21,16 +21,18 @@
       - name: "3.4.1.2 | PATCH | Ensure iptables-services not installed with firewalld | Stop running services"
         systemd:
             name: "{{ item }}"
-            masked: true
+            state: stopped
+            enabled: false
         with_items:
             - iptables
             - ip6tables
         when: item in ansible_facts.packages
 
-      - name: "3.4.1.2 | PATCH | Ensure iptables-services not installed with firewalld | Remove IPTables"
+      - name: "3.4.1.2 | PATCH | Ensure iptables-services not installed with firewalld | remove iptables-services pkg "
         package:
             name: iptables-services
             state: absent
+        when: "'iptables-services' in ansible_facts.packages"
   when:
       - rhel9cis_rule_3_4_1_2
   tags: