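# Adds a `*nat` section to UFW's before.rules so that traffic sourced from the
# internal network is masqueraded out of the host's uplink interface.
# Scope: this block only writes the NAT rule. It does not set UFW's forward
# policy or kernel IP forwarding; those must be handled elsewhere.
- name: Configure NAT for LXC host networking
  tags:
    - lxc-host
    - lxc-host-network
  block:
    # An empty or missing value would render a malformed iptables rule into
    # before.rules, and the firewall reload triggered by the handler could
    # then fail. Stop before touching the file instead.
    - name: Check that the NAT rule inputs are set
      assert:
        that:
          - internal_if.ipv4.address is defined
          - internal_if.ipv4.netmask is defined
          - lxc_host__hardware_if is defined
          - lxc_host__hardware_if | string | length > 0
        msg: internal_if.ipv4 and lxc_host__hardware_if must be set to build the NAT rule

    - name: Enable NAT configuration through UFW
      become: true
      # Handler is defined outside this file; it is expected to reload UFW so
      # the new rules take effect.
      notify: reload ufw
      blockinfile:
        path: /etc/ufw/before.rules
        # Keep a timestamped copy of the previous firewall rules so a bad
        # render can be rolled back by hand.
        backup: true
        # Anchor on the stock comment that precedes the *filter section, so
        # the *nat section is placed ahead of it.
        insertbefore: "# Don't delete these required lines, otherwise there will be errors"
        # NOTE(review): the rendered text is not validated before the reload.
        # The source is written as <interface address>/<netmask>, which
        # presumably resolves to the internal subnet; confirm against the
        # facts that populate internal_if.
        block: |
          # NAT table rules
          *nat
          :POSTROUTING ACCEPT [0:0]

          # Forward traffic through eth0 - Change to match you out-interface
          -A POSTROUTING -s {{ internal_if.ipv4.address }}/{{ internal_if.ipv4.netmask }} -o {{ lxc_host__hardware_if }} -j MASQUERADE

          # don't delete the 'COMMIT' line or these nat table rules won't be processed
          COMMIT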