Merge branch 'VTimofeenko-master'

This commit is contained in:
Jeremy Gardais 2021-08-13 11:37:58 +02:00
commit 5dbf5b9b1c
Signed by: jegardai
GPG Key ID: E759BAA22501AF32
6 changed files with 25 additions and 7 deletions


@ -5,6 +5,8 @@
* New rules (disable by default) can be define in *forward* chain (thanks to * New rules (disable by default) can be define in *forward* chain (thanks to
@p-rintz PR #14). @p-rintz PR #14).
* Possibility to toggle file's backup (thanks to @p-rintz PR #15). * Possibility to toggle file's backup (thanks to @p-rintz PR #15).
* Gentoo-specific variables
* Ability to specify nft binary path through **nft__bin_location**
### Removed ### Removed
* Remove everything related to **in_udp_accept** (see conversation in PR #13). * Remove everything related to **in_udp_accept** (see conversation in PR #13).


@ -89,6 +89,7 @@ complexify his philosophy… (I'm pretty sure, i now did complexify it :D) ^^
Please see default value by Operating System file in [vars][vars directory] directory. Please see default value by Operating System file in [vars][vars directory] directory.
* **nft_pkg_list**: The list of package(s) to provide `nftables`. * **nft_pkg_list**: The list of package(s) to provide `nftables`.
* **nft__bin_location** : Path to `nftables` executable. [default : `/usr/sbin/nft`]
### Rules Dictionaries ### Rules Dictionaries


@ -599,3 +599,13 @@ nft_backup_conf: True
# ]]] # ]]]
# ]]] # ]]]
# ]]] # ]]]
# OS specific variables defaults [[[
# ----------------------------------
# .. envvar:: nft__bin_location [[[
#
# Specify Nftables executable location.
#
nft__bin_location: '/usr/sbin/nft'
# ]]]
# ]]]
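Review bot: The new `nft__bin_location` default introduced in this hunk is documented only as an "executable location", yet the role interpolates the value verbatim into the `#!` line of the generated ruleset and into the unit's ExecStart=/ExecReload=/ExecStop=, so a relative value such as `nft` is not resolved through PATH by the kernel when the ruleset is executed directly (and is rejected by older systemd releases). I would state that constraint in the envvar comment, e.g. `# Absolute path to the nft executable. It is used as the shebang interpreter of the generated ruleset and in the systemd unit's Exec*= lines, so a bare command name is not looked up in PATH.` It would also help to mention here that the OS-specific files under vars/ (Gentoo in this commit) override this default, since the README points readers to that directory for per-OS values.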


@ -1,5 +1,5 @@
#jinja2: lstrip_blocks: "True", trim_blocks: "True" #jinja2: lstrip_blocks: "True", trim_blocks: "True"
#!/usr/sbin/nft -f #!{{ nft__bin_location }} -f
# {{ ansible_managed }} # {{ ansible_managed }}
{% set globalmerged = nft_global_default_rules.copy() %} {% set globalmerged = nft_global_default_rules.copy() %}
{% set _ = globalmerged.update(nft_global_rules) %} {% set _ = globalmerged.update(nft_global_rules) %}


@ -13,13 +13,13 @@ ProtectSystem=full
ProtectHome=true ProtectHome=true
{% endif %} {% endif %}
{% if nft__fail2ban_service %} {% if nft__fail2ban_service %}
ExecStart=/usr/sbin/nft -f {{ nft_main_conf_path }} ; /bin/systemctl restart fail2ban.service ExecStart={{ nft__bin_location }} -f {{ nft_main_conf_path }} ; /bin/systemctl restart fail2ban.service
ExecReload=/usr/sbin/nft -f {{ nft_main_conf_path }} ; /bin/systemctl restart fail2ban.service ExecReload={{ nft__bin_location }} -f {{ nft_main_conf_path }} ; /bin/systemctl restart fail2ban.service
ExecStop=/bin/systemctl stop fail2ban.service ; /usr/sbin/nft flush ruleset ExecStop=/bin/systemctl stop fail2ban.service ; {{ nft__bin_location }} flush ruleset
{% else %} {% else %}
ExecStart=/usr/sbin/nft -f {{ nft_main_conf_path }} ExecStart={{ nft__bin_location }} -f {{ nft_main_conf_path }}
ExecReload=/usr/sbin/nft -f {{ nft_main_conf_path }} ExecReload={{ nft__bin_location }} -f {{ nft_main_conf_path }}
ExecStop=/usr/sbin/nft flush ruleset ExecStop={{ nft__bin_location }} flush ruleset
{% endif %} {% endif %}
[Install] [Install]

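--- a/vars/gentoo.yml
+++ b/vars/gentoo.yml
@@ -0,0 +1,5 @@
+---
+# vars file for Gentoo
+nft_pkg_list:
+- net-firewall/nftables
+nft__bin_location: "/sbin/nft"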
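Review bot: Setting `nft__bin_location` directly in `vars/gentoo.yml` (last line) means that, if this file is loaded with include_vars as the per-OS `nft_pkg_list` apparently is, the value takes precedence over inventory, group_vars and play vars, so a Gentoo user cannot override the nft path without extra-vars or set_fact; the same caveat already applies to `nft_pkg_list`, so this may be a deliberate trade-off. If it is not, keep the OS value under a helper name, `nft__bin_location_default: "/sbin/nft"`, and let defaults/main.yml resolve it as `nft__bin_location: '{{ nft__bin_location_default | d("/usr/sbin/nft") }}'`, which restores the usual defaults-level precedence. How the vars file is loaded is not visible in this commit, so confirm against the tasks before changing it.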