Add a variable to manage custom content (table, include,…)

Jeremy Gardais 2019-04-16 11:50:30 +02:00
parent b0da91bb73
commit 4047d64c76
Signed by: jegardai
GPG Key ID: E759BAA22501AF32
4 changed files with 14 additions and 2 deletions

@ -1,8 +1,9 @@
## v1.X ## v1.5.0
### Enhancements ### Enhancements
* Add a variable to disable "Protect" instructions in systemd unit. * Add a variable to disable "Protect" instructions in systemd unit.
* Improve vars description/comments in default/main.yml. * Improve vars description/comments in default/main.yml.
* Add a variable to manage custom content (table, include,…).
## v1.4.1 ## v1.4.1

@ -38,7 +38,8 @@ Highly inspired by [Mike Gleason firewall role][mikegleasonjr firewall github] (
* **nft_global_default_rules**: Set default rules for `global` chain. Other chains will jump to `global` before apply their specific rules. * **nft_global_default_rules**: Set default rules for `global` chain. Other chains will jump to `global` before apply their specific rules.
* **nft_global_rules**: You can add `global` rules or override those defined by **nft_global_default_rules** for all hosts. * **nft_global_rules**: You can add `global` rules or override those defined by **nft_global_default_rules** for all hosts.
* **nft_global_group_rules**: You can add `global` rules or override those defined by **nft_global_default_rules** and **nft_global_rules** for a group. * **nft_global_group_rules**: You can add `global` rules or override those defined by **nft_global_default_rules** and **nft_global_rules** for a group.
* **nft_global_host_rules:**: Hosts can also add or override all previours rules. * **nft_global_host_rules**: Hosts can also add or override all previours rules.
* **nft__custom_content**: Custom content (tables, include,…) to add in Nftables configuration [default: `''`].
* **nft_input_default_rules**: Set default rules for `input` chain. * **nft_input_default_rules**: Set default rules for `input` chain.
* **nft_input_rules**: You can add `input` rules or override those defined by **nft_input_default_rules** for all hosts. * **nft_input_rules**: You can add `input` rules or override those defined by **nft_input_default_rules** for all hosts.
* **nft_input_group_rules**: You can add `input` rules or override those defined by **nft_input_default_rules** and **nft_input_rules** for a group. * **nft_input_group_rules**: You can add `input` rules or override those defined by **nft_input_default_rules** and **nft_input_rules** for a group.
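
Review bot: the new README entry names the variable `nft__custom_content` with a double underscore, while every neighbouring variable in this list uses a single one (`nft_global_host_rules`, `nft_input_default_rules`). Either rename it to `nft_custom_content` or explain in the README why this one differs, since a user who follows the existing pattern will set a variable the template never reads. The entry should also say where the content lands in the generated configuration and that it is a raw string. The corrected `nft_global_host_rules` line still carries the typo "previours".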

@ -66,6 +66,11 @@ nft_global_group_rules: {}
# in the Ansible inventory. # in the Ansible inventory.
nft_global_host_rules: {} nft_global_host_rules: {}
# ]]] # ]]]
# .. envvar:: nft__custom_content [[[
#
# Custom content (tables, include,…) to add in Nftables configuration.
nft__custom_content: ''
# ]]]
# ]]] # ]]]
# Nftables vars definition [[[ # Nftables vars definition [[[
# ---------------------------- # ----------------------------
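
Review bot: the comment above `nft__custom_content: ''` does not say what form the value takes. The rule variables just above default to `{}`, so state here that this one is a multi-line string of nftables syntax and add a short commented example value written as a YAML block scalar, so users do not pass a dict or list by analogy.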

@ -26,3 +26,8 @@ table inet filter {
include "{{ nft_input_conf_path }}" include "{{ nft_input_conf_path }}"
include "{{ nft_output_conf_path }}" include "{{ nft_output_conf_path }}"
} }
{% if nft__custom_content|d() %}
# Custom content from ipr-cnrs.nftables
{{ nft__custom_content }}
{% endif %}
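
Review bot: `{{ nft__custom_content }}` is written verbatim into the main configuration file after the `table inet filter` block, so a syntax error in the variable makes the whole file invalid, not only the custom part. If the task that renders this template does not already check the result, add a validation step (for example `nft -c -f` on the rendered file) before it replaces the live configuration, so a bad value fails the play instead of the firewall reload.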