cellinfo
/
ansible.nftables
2
0
Fork 0
Code Issues Pull Requests Releases Activity

Rename nft_input_conf file.

This commit is contained in:
Jeremy Gardais 2017-08-08 13:42:02 +02:00
parent f1d2f6582f
commit 983e77df5d
3 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -22,8 +22,8 @@ Highly inspired by [Mike Gleason firewall role][mikegleasonjr firewall github] (
* **nft_pkg_state**: State of new `nftables` package(s) [default: `installed`]. * **nft_pkg_state**: State of new `nftables` package(s) [default: `installed`].
* **nft_main_conf_path**: Main configuration file loaded by systemd unit [default: `/etc/nftables.conf`]. * **nft_main_conf_path**: Main configuration file loaded by systemd unit [default: `/etc/nftables.conf`].
* **nft_main_conf_content**: Template used to generate the previous main configuration file [default: `etc/nftables.conf.j2`]. * **nft_main_conf_content**: Template used to generate the previous main configuration file [default: `etc/nftables.conf.j2`].
* **nft_input_conf_path**: Input configuration file include in main configuration file [default: `/etc/nftables.d/inet-filter.nft`]. * **nft_input_conf_path**: Input configuration file include in main configuration file [default: `/etc/nftables.d/inet-input.nft`].
* **nft_input_conf_content**: Template used to generate the previous input configuration file [default: `etc/nftables.d/inet-filter.nft.j2`]. * **nft_input_conf_content**: Template used to generate the previous input configuration file [default: `etc/nftables.d/inet-input.nft.j2`].
* **nft_global_default_rules**: Set default rules for `global` chain. Other chains will jump to `global` before apply their specific rules. * **nft_global_default_rules**: Set default rules for `global` chain. Other chains will jump to `global` before apply their specific rules.
* **nft_global_group_rules**: You can add `global` rules or override those defined by **nft_global_default_rules** for a group. * **nft_global_group_rules**: You can add `global` rules or override those defined by **nft_global_default_rules** for a group.
* **nft_global_host_rules:**: Hosts can also add or override `global` rules. * **nft_global_host_rules:**: Hosts can also add or override `global` rules.

4
defaults/main.yml
View File

@ -8,8 +8,8 @@ nft_pkg_state: 'installed'
# conf # conf
nft_main_conf_path: '/etc/nftables.conf' nft_main_conf_path: '/etc/nftables.conf'
nft_main_conf_content: 'etc/nftables.conf.j2' nft_main_conf_content: 'etc/nftables.conf.j2'
nft_input_conf_path: '/etc/nftables.d/inet-filter.nft' nft_input_conf_path: '/etc/nftables.d/inet-input.nft'
nft_input_conf_content: 'etc/nftables.d/inet-filter.nft.j2' nft_input_conf_content: 'etc/nftables.d/inet-input.nft.j2'
nft_define_conf_path: '/etc/nftables.d/defines.nft' nft_define_conf_path: '/etc/nftables.d/defines.nft'
nft_define_conf_content: 'etc/nftables.d/defines.nft.j2' nft_define_conf_content: 'etc/nftables.d/defines.nft.j2'

1
templates/etc/nftables.d/inet-filter.nft.j2 → templates/etc/nftables.d/inet-input.nft.j2
View File

@ -1,5 +1,4 @@
# {{ ansible_managed }} # {{ ansible_managed }}
{% set inputmerged = nft_input_default_rules.copy() %} {% set inputmerged = nft_input_default_rules.copy() %}
{% set _ = inputmerged.update(nft_input_group_rules) %} {% set _ = inputmerged.update(nft_input_group_rules) %}
{% set _ = inputmerged.update(nft_input_host_rules) %} {% set _ = inputmerged.update(nft_input_host_rules) %}