cellinfo
/
ansible.nftables
2
0
Fork 0
Code Issues Pull Requests Releases Activity

Add a warning for the first run.

This commit is contained in:
Jeremy Gardais 2017-08-23 15:02:27 +02:00
parent f2d586c176
commit 96080445da
1 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
README.md
View File

@ -5,10 +5,11 @@
* [OS Specific Variables](#os-specific-variables) * [OS Specific Variables](#os-specific-variables)
* [Rules Dictionaries](#rules-dictionaries) * [Rules Dictionaries](#rules-dictionaries)
3. [Example Playbook](#example-playbook) 3. [Example Playbook](#example-playbook)
4. [Configuration](#configuration) 4. [Known Issue](#known-issue)
5. [Development](#development) 5. [Configuration](#configuration)
6. [License](#license) 6. [Development](#development)
7. [Author Information](#author-information) 7. [License](#license)
8. [Author Information](#author-information)
## Overview ## Overview
@ -237,6 +238,15 @@ nft_input_group_rules:
- counter - counter
``` ```
## Known Issue
* The first run of a playbook may be long (~8 minutes) just after the (re)start of `nftables` service.
* Probably due to Ansible/OpenSSH Specific default Settings, the outgoing connections for Ansible/SSH will be blocked:
```
trace id d7c3a8dc inet firewall output packet: oif "ens18" ip saddr REMOTE_HOST ip daddr MY_HOST ip dscp 0x02 ip ecn not-ect ip ttl 64 ip id 56799 ip length 420 tcp sport ssh tcp dport 53922 tcp flags == 0x18 tcp window 1452
```
* This only happen at the first run on new clean host. The next runs will works without any delay.
## Configuration ## Configuration
This role will: This role will: