Disable Docker's tampering with iptables. We are opening ports as we see fit using host vars

tasks/main.yml

@@ -1,6 +1,37 @@
 ---
 # tasks file for traefik
 
+- name: Ensure systemd docker.service.d directory exists
+  file:
+    path: "/etc/systemd/system/docker.service.d/"
+    state: directory
+    owner: root
+    group: root
+    mode: '0755'
+  tags: firewall
+  
+- name: Provide systemd config to disable Docker's tampering with the firewall
+  copy:
+    dest: /etc/systemd/system/docker.service.d/noiptables.conf
+    owner: root
+    group: root
+    mode: '0644'
+    content: |
+      [Service]
+      ExecStart=
+      ExecStart=/usr/bin/dockerd -H fd:// --iptables=false
+  tags: firewall
+  register: docker_restart_required
+
+- name: Restart docker service to pickup config changes
+  systemd:
+    name: docker
+    daemon_reload: yes
+    state: restarted
+  become: true
+  when: docker_restart_required.changed
+  tags: firewall
+
 - name: Ensure traefik config directory exists
   file:
     path: /home/{{ docker_user }}/traefik