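---
# defaults file for nftables
#
# Role defaults; every value can be overridden per group or host.
# The `*_default_rules`, `*_group_rules` and `*_host_rules` mappings map a
# label to a list of nft rule lines. The numeric prefix on the labels
# presumably fixes the order in which the template emits the rules —
# verify against the templates referenced under "conf".

# packages
# Whether the role installs the nftables package at all.
nft_pkg_manage: true
# State handed to the package module ('installed' is the older alias of
# 'present' in the apt/yum modules).
nft_pkg_state: 'installed'

# conf
# Main configuration file written on the target, and the template that
# renders it (path presumably relative to the role's templates/ directory).
nft_main_conf_path: '/etc/nftables.conf'
nft_main_conf_content: 'etc/nftables.conf.j2'
# Input chain rules file written on the target, and its template.
nft_input_conf_path: '/etc/nftables.d/inet-filter.nft'
nft_input_conf_content: 'etc/nftables.d/inet-filter.nft.j2'

# rules
# Rules of the shared 'global' chain, which the input chain below jumps to.
# Only connection tracking is handled here: established/related traffic is
# accepted and packets in an invalid conntrack state are dropped.
nft_global_default_rules:
  '000 state management':
    - 'ct state established,related accept'
    - 'ct state invalid drop'
nft_global_group_rules: {}
nft_global_host_rules: {}

# Input chain: base chain on the input hook with a default policy of drop.
# With these defaults alone nothing but established/related traffic is
# accepted — loopback, ICMP/ICMPv6 and every service port (e.g. SSH) have to
# be opened through nft_input_group_rules / nft_input_host_rules before the
# role is applied to a remote host, otherwise new inbound connections are
# dropped.
nft_input_default_rules:
  '000 policy':
    - 'type filter hook input priority 0; policy drop;'
  '001 global':
    - 'jump global'
nft_input_group_rules: {}
nft_input_host_rules: {}

# service
# Whether the role manages the nftables service, and the unit name it uses.
nft_service_manage: true
nft_service_name: 'nftables'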