ansible.nftables/templates/etc/nftables.conf.j2

#!/usr/sbin/nft -f
# {{ ansible_managed }}
{#
  Build the rule groups for the "global" chain from three dictionaries:
  a copy of nft_global_default_rules is updated first with
  nft_global_group_rules and then with nft_global_host_rules, so for a key
  present in more than one dictionary the host value replaces the group
  value, which replaces the default value. The replacement is per key, not
  per rule: a more specific dictionary that sets a key to an empty value
  removes every default rule stored under that key.
  The "_" targets only discard the return value of update().
  NOTE(review): the three variables are not defined in this template;
  presumably they come from role defaults and inventory - confirm that each
  one is always defined, otherwise rendering fails here.
#}
{% set globalmerged = nft_global_default_rules.copy() %}
{% set _ = globalmerged.update(nft_global_group_rules) %}
{% set _ = globalmerged.update(nft_global_host_rules) %}
{#
  "flush ruleset" clears the whole nftables ruleset, not only the
  "inet firewall" table declared below, so tables added by other tools on
  the same host are removed each time this file is loaded. Loading through
  "nft -f" applies the file as a single transaction.
#}
# clean
flush ruleset
table inet firewall {
{#
  Chain "global" declares no hook in this template, so it is only evaluated
  when another chain jumps to it (the output chain below does).
  Groups are emitted in key-sorted order (dictsort), which therefore fixes
  the order in which the rules are evaluated. Each group is preceded by a
  comment carrying its key, and a group with an empty value is rendered as
  "# (none)" instead of rules.
  Every rule is written into the file verbatim, with no validation or
  escaping: whoever can set the three source dictionaries decides what the
  firewall does. Reviewing the rendered file (for example with nft's check
  mode) before it is loaded is the practical control here.
  NOTE(review): assumes each value is a list of complete nft statements;
  a plain string would be iterated character by character - confirm.
#}
chain global {
{% for group, rules in globalmerged|dictsort %}
# {{ group }}
{% if not rules %}
# (none)
{% endif %}
{% for rule in rules %}
{{ rule }}
{% endfor %}
{% endfor %}
}
{#
  The file at nft_input_conf_path is pulled in at this position, that is
  inside "table inet firewall", after chain "global" and before chain
  "output"; its content has to be valid at table level.
  NOTE(review): presumably this file defines the input chain (going by the
  variable name) - confirm. Its content becomes part of the live ruleset,
  so the path should be writable only by the account that manages the
  firewall; also check how the load behaves when the file is missing.
#}
include "{{ nft_input_conf_path }}"
{#
  Base chain attached to the output hook at priority 0. No policy is
  declared, so nftables' default policy (accept) applies: outgoing packets
  that the rules in chain "global" do not drop or reject are accepted.
  The only rule visible in this chunk is the jump to "global".
#}
chain output {
type filter hook output priority 0;
jump global
}
}