ansible.nftables/templates/lib/systemd/system/nftables.service.j2

# {{ ansible_managed }}
[Unit]
Description={{ nft_service_name }}
Documentation=man:nft(8) http://wiki.nftables.org
;Before=fail2ban.service

[Service]
Type=oneshot
RemainAfterExit=yes
StandardInput=null
{% if nft__service_protect %}
ProtectSystem=full
ProtectHome=true
{% endif %}
ExecStart={{ nft__bin_location }} -f {{ nft_main_conf_path }}
ExecReload={{ nft__bin_location }} -f {{ nft_main_conf_path }}
ExecStop={{ nft__bin_location }} flush ruleset

[Install]
WantedBy=multi-user.target
Provide the systemd unit. 2018-02-06 16:58:18 +01:00			`# {{ ansible_managed }}`
			`[Unit]`
			`Description={{ nft_service_name }}`
			`Documentation=man:nft(8) http://wiki.nftables.org`
Add possibility to restart Fail2ban service 2018-08-07 11:03:29 +02:00			`;Before=fail2ban.service`
Provide the systemd unit. 2018-02-06 16:58:18 +01:00
			`[Service]`
			`Type=oneshot`
			`RemainAfterExit=yes`
			`StandardInput=null`
Allow to disable "Protect" in systemd unit 2019-03-15 11:13:26 +01:00			`{% if nft__service_protect %}`
Provide the systemd unit. 2018-02-06 16:58:18 +01:00			`ProtectSystem=full`
			`ProtectHome=true`
Allow to disable "Protect" in systemd unit 2019-03-15 11:13:26 +01:00			`{% endif %}`
Added ability to specify nft bin location Gentoo installs nft binary into /sbin/nft in accordance with the filesystem spec: https://devmanual.gentoo.org/general-concepts/filesystem/ This commit adds the ability to specify the location of nft binary through variable nft__bin_location. By default it is set to "/usr/sbin/nft". 2021-08-07 01:23:36 +02:00			`ExecStart={{ nft__bin_location }} -f {{ nft_main_conf_path }}`
			`ExecReload={{ nft__bin_location }} -f {{ nft_main_conf_path }}`
			`ExecStop={{ nft__bin_location }} flush ruleset`
Provide the systemd unit. 2018-02-06 16:58:18 +01:00
			`[Install]`
			`WantedBy=multi-user.target`