Add a variable to manage custom content (table, include,…)

2019-04-16 11:50:30 +02:00 · 2019-04-16 11:50:30 +02:00 · 4047d64c76
parent b0da91bb73
commit 4047d64c76
4 changed files with 14 additions and 2 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,8 +1,9 @@
-## v1.X
+## v1.5.0

 ### Enhancements
 * Add a variable to disable "Protect" instructions in systemd unit.
 * Improve vars description/comments in default/main.yml.
+* Add a variable to manage custom content (table, include,…).

 ## v1.4.1

--- a/README.md
+++ b/README.md
@ -38,7 +38,8 @@ Highly inspired by [Mike Gleason firewall role][mikegleasonjr firewall github] (
 * **nft_global_default_rules** : Set default rules for `global` chain. Other chains will jump to `global` before apply their specific rules.
 * **nft_global_rules** : You can add `global` rules or override those defined by **nft_global_default_rules** for all hosts.
 * **nft_global_group_rules** : You can add `global` rules or override those defined by **nft_global_default_rules** and **nft_global_rules** for a group.
-* **nft_global_host_rules:** : Hosts can also add or override all previours rules.
+* **nft_global_host_rules** : Hosts can also add or override all previours rules.
+* **nft__custom_content** : Custom content (tables, include,…) to add in Nftables configuration [default : `''`].
 * **nft_input_default_rules** : Set default rules for `input` chain.
 * **nft_input_rules** : You can add `input` rules or override those defined by **nft_input_default_rules** for all hosts.
 * **nft_input_group_rules** : You can add `input` rules or override those defined by **nft_input_default_rules** and **nft_input_rules** for a group.
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -66,6 +66,11 @@ nft_global_group_rules: {}
 # in the Ansible inventory.
 nft_global_host_rules: {}
                                                                   # ]]]
+# .. envvar:: nft__custom_content [[[
+#
+# Custom content (tables, include,…) to add in Nftables configuration.
+nft__custom_content: ''
+                                                                   # ]]]
                                                                   # ]]]
 # Nftables vars definition [[[
 # ----------------------------
--- a/templates/etc/nftables.conf.j2
+++ b/templates/etc/nftables.conf.j2
@ -26,3 +26,8 @@ table inet filter {
 	include "{{ nft_input_conf_path }}"
 	include "{{ nft_output_conf_path }}"
 }
+
+{% if nft__custom_content|d() %}
+# Custom content from ipr-cnrs.nftables
+{{ nft__custom_content }}
+{% endif %}