https://pagure.io/centos-infra/issue/1526

So far, our [iptables](https://github.com/centos/ansible-role-iptables) ansible role was taking care of :

• setting up baseline rule
• adding more custom rules
• providing a custom task that could be imported from other roles to open traffic

It was working for years (and continue to do so) but since el9, nft was introduced to replace (older) iptables utility. While the compat was still working for el9, it's now time to investigate migrating natively to nftables

Proposal :

• still use same iptables role (inherited/included everywhere)
• just provide nftables rules starting from stream10/el10
• inject same logic also for custom rules/tasks (https://github.com/CentOS/ansible-role-iptables/blob/master/tasks/custom-policy.yml) showing that diff (based on distro release/version)