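#!/usr/sbin/nft -f
# {{ ansible_managed }}
#
# Global nftables ruleset.  Loaded with `nft -f`, which applies the whole
# file as one transaction, so the flush below and the new rules take effect
# together rather than leaving a window with no rules in place.

{# Rule groups for the shared 'global' chain.  Three dict layers are merged
   by key -- judging by their names: role defaults, then group-level, then
   host-level rules.  A later layer replaces a whole group of an earlier
   layer (dict.update), it does not append to it; overriding a group with
   an empty list therefore switches that group off for the host. #}
{% set globalmerged = nft_global_default_rules.copy() %}
{% set _ = globalmerged.update(nft_global_group_rules) %}
{% set _ = globalmerged.update(nft_global_host_rules) %}

# clean
# NOTE: 'flush ruleset' discards every table in every family, including any
# created by other tools on the host; everything that must survive a reload
# has to be declared here or in the included files.
flush ruleset

# Definitions shared by the chains below (contents not visible here).
# The path can be overridden like the other include paths; the default keeps
# the previously hard-coded location.
include "{{ nft_defines_conf_path | default('/etc/nftables.d/defines.nft') }}"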
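table inet firewall {
    # Shared rule groups, emitted in key-sorted order so the rendered file
    # is stable across runs.  nftables evaluates rules top-down and the
    # first terminating verdict wins, so a group whose key sorts earlier
    # takes precedence over later ones; pick key names (e.g. a numeric
    # prefix) with that in mind.  Each rule string is written out verbatim
    # and must be valid nft statement syntax -- nothing is escaped.
    chain global {
{% for group, rules in globalmerged|dictsort %}
        # {{ group }}
{% if not rules %}
        # (none)
{% endif %}
{# 'rules or []' lets a later layer disable a group with null as well as
   with an empty list; iterating over None would abort the whole render. #}
{% for rule in rules or [] %}
        {{ rule }}
{% endfor %}
{% endfor %}
    }

    # Sets and the input chain are rendered from separate templates.
    include "{{ nft_set_conf_path }}"
    include "{{ nft_input_conf_path }}"

    # Outbound traffic: only the shared global rules are applied.  The
    # policy is spelled out to make the (nft default) accept verdict
    # visible; anything the global chain does not drop is allowed out.
    chain output {
        type filter hook output priority 0; policy accept;
        jump global
    }
}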