There’s a bunch of posts about the iptables-save function of the built-in iptables module not working in many cases, so I figured it was a safer bet to suggest the playbook include an actual command invocation.

In my personal experience, the module doesnt actually save the persistent rule in about half the cases. I haven’t looked into it much, but it seems happen more on systems where systemd iptables-firewall is present. (Not trying to start a flame war)