Squashed commit of the following:

commit f79beaa3b3b642c370552d63b0848195358bccd0
Author: James Cammarata <jimi@sngx.net>
Date:   Wed Jun 28 17:00:57 2017 -0500

    Add example for iptables using the policy option

commit 1a0f9debdb526bef9d8d469a84a8cc55ef68da03
Author: James Cammarata <jimi@sngx.net>
Date:   Wed Jun 28 16:59:52 2017 -0500

    Fix missing re import for iptables after merging #19476

commit 084479d21d
Author: Alexey Solodkiy <work@x1.by>
Date:   Sun Dec 18 12:07:05 2016 +0300

    fix #19476

lib/ansible/modules/system/iptables.py

@@ -346,8 +346,15 @@ EXAMPLES = '''
     table: mangle
     set_dscp_mark_class: CS1
     protocol: tcp
+
+# Set the policy for the INPUT chain to DROP
+- iptables:
+    chain: INPUT
+    policy: DROP
 '''
 
+import re
+
 # import module snippets
 from ansible.module_utils.basic import AnsibleModule
 
@@ -463,6 +470,16 @@ def set_chain_policy(iptables_path, module, params):
     module.run_command(cmd, check_rc=True)
 
 
+def get_chain_policy(iptables_path, module, params):
+    cmd = push_arguments(iptables_path, '-L', params)
+    rc, out, _ = module.run_command(cmd, check_rc=True)
+    chain_header = out.split("\n")[0]
+    result = re.search(r'\(policy ([A-Z]+)\)', chain_header)
+    if result:
+        return result.group(1)
+    return None
+
+
 def main():
     module = AnsibleModule(
         supports_check_mode=True,
@@ -540,18 +557,40 @@ def main():
         module.fail_json( msg="Either chain or flush parameter must be specified.")
 
     # Flush the table
-    if args['flush']:
+    if args['flush'] is True:
         args['changed'] = True
         if not module.check_mode:
             flush_table(iptables_path, module, module.params)
 
     # Set the policy
     elif module.params['policy']:
-        args['changed'] = True
+        current_policy = get_chain_policy(iptables_path, module, module.params)
-        if not module.check_mode:
+        if not current_policy:
+            module.fail_json(msg='Can\'t detect current policy')
+
+        changed = current_policy != module.params['policy']
+        args['changed'] = changed
+        if changed and not module.check_mode:
             set_chain_policy(iptables_path, module, module.params)
 
-    # Chain
+    else:
+        insert = (module.params['action'] == 'insert')
+        rule_is_present = check_present(iptables_path, module, module.params)
+        should_be_present = (args['state'] == 'present')
+
+        # Check if target is up to date
+        args['changed'] = (rule_is_present != should_be_present)
+        if args['changed'] is False:
+            # Target is already up to date
+            module.exit_json(**args)
+
+        # Check only; don't modify
+        if not module.check_mode:
+            if should_be_present:
+                if insert:
+                    insert_rule(iptables_path, module, module.params)
+                else:
+                    append_rule(iptables_path, module, module.params)
             else:
                 insert = (module.params['action'] == 'insert')
                 rule_is_present = check_present(iptables_path, module, module.params)