Add a variable to manage custom content (table, include,…)
parent b0da91bb73
commit 4047d64c76
|
@ -1,8 +1,9 @@
|
||||||
## v1.X
|
## v1.5.0
|
||||||
|
|
||||||
### Enhancements
|
### Enhancements
|
||||||
* Add a variable to disable "Protect" instructions in systemd unit.
|
* Add a variable to disable "Protect" instructions in systemd unit.
|
||||||
* Improve vars description/comments in default/main.yml.
|
* Improve vars description/comments in default/main.yml.
|
||||||
|
* Add a variable to manage custom content (table, include,…).
|
||||||
|
|
||||||
## v1.4.1
|
## v1.4.1
|
||||||
|
|
||||||
|
|
|
@ -38,7 +38,8 @@ Highly inspired by [Mike Gleason firewall role][mikegleasonjr firewall github] (
|
||||||
* **nft_global_default_rules** : Set default rules for `global` chain. Other chains will jump to `global` before apply their specific rules.
|
* **nft_global_default_rules** : Set default rules for `global` chain. Other chains will jump to `global` before apply their specific rules.
|
||||||
* **nft_global_rules** : You can add `global` rules or override those defined by **nft_global_default_rules** for all hosts.
|
* **nft_global_rules** : You can add `global` rules or override those defined by **nft_global_default_rules** for all hosts.
|
||||||
* **nft_global_group_rules** : You can add `global` rules or override those defined by **nft_global_default_rules** and **nft_global_rules** for a group.
|
* **nft_global_group_rules** : You can add `global` rules or override those defined by **nft_global_default_rules** and **nft_global_rules** for a group.
|
||||||
* **nft_global_host_rules:** : Hosts can also add or override all previours rules.
|
* **nft_global_host_rules** : Hosts can also add or override all previours rules.
|
||||||
|
* **nft__custom_content** : Custom content (tables, include,…) to add in Nftables configuration [default : `''`].
|
||||||
* **nft_input_default_rules** : Set default rules for `input` chain.
|
* **nft_input_default_rules** : Set default rules for `input` chain.
|
||||||
* **nft_input_rules** : You can add `input` rules or override those defined by **nft_input_default_rules** for all hosts.
|
* **nft_input_rules** : You can add `input` rules or override those defined by **nft_input_default_rules** for all hosts.
|
||||||
* **nft_input_group_rules** : You can add `input` rules or override those defined by **nft_input_default_rules** and **nft_input_rules** for a group.
|
* **nft_input_group_rules** : You can add `input` rules or override those defined by **nft_input_default_rules** and **nft_input_rules** for a group.
|
||||||
|
|
|
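Review bot: The new README entry spells the variable `nft__custom_content` with a double underscore, while every other variable in this list uses a single one (`nft_global_host_rules`, `nft_input_rules`). Either rename it to match or note the difference in the README, because a user who sets the single-underscore form will silently get the empty default and no custom content. The entry should also say that the value is inserted as-is into the Nftables configuration and must therefore be valid nft syntax. Since the `nft_global_host_rules` line is already being touched, "previours" can be corrected to "previous" in the same change.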
@ -66,6 +66,11 @@ nft_global_group_rules: {}
|
||||||
# in the Ansible inventory.
|
# in the Ansible inventory.
|
||||||
nft_global_host_rules: {}
|
nft_global_host_rules: {}
|
||||||
# ]]]
|
# ]]]
|
||||||
|
# .. envvar:: nft__custom_content [[[
|
||||||
|
#
|
||||||
|
# Custom content (tables, include,…) to add in Nftables configuration.
|
||||||
|
nft__custom_content: ''
|
||||||
|
# ]]]
|
||||||
# ]]]
|
# ]]]
|
||||||
# Nftables vars definition [[[
|
# Nftables vars definition [[[
|
||||||
# ----------------------------
|
# ----------------------------
|
||||||
|
|
|
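Review bot: The comment above `nft__custom_content: ''` does not say what form the value takes. Suggest documenting that it is a single string (a YAML block scalar for multi-line content) and adding a short commented example of a table or an `include` line. Unlike the rule variables above, there is no group or host variant of this variable, so a value set for a host replaces one set for a group instead of being merged with it; that deserves a sentence in the comment.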
@ -26,3 +26,8 @@ table inet filter {
|
||||||
include "{{ nft_input_conf_path }}"
|
include "{{ nft_input_conf_path }}"
|
||||||
include "{{ nft_output_conf_path }}"
|
include "{{ nft_output_conf_path }}"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
{% if nft__custom_content|d() %}
|
||||||
|
# Custom content from ipr-cnrs.nftables
|
||||||
|
{{ nft__custom_content }}
|
||||||
|
{% endif %}
|
||||||
|
|
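Review bot: `{{ nft__custom_content }}` is written verbatim after the closing `}` of `table inet filter` with no syntax check visible in this hunk, so a typo in the variable produces a configuration file that nft will refuse to load. If the task that deploys this template does not already validate the rendered file, add a check such as `nft -c -f` on it before it replaces the live configuration. Because the value may contain whole tables and `include` lines, it can add rules outside the chains this role manages, so it should only be set from inventory sources trusted as much as the firewall rules themselves. Minor: the generated comment says "from ipr-cnrs.nftables"; naming the variable (`nft__custom_content`) would tell the reader of the rendered file where the block came from.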