Added ability to specify nft bin location
Gentoo installs the nft binary at /sbin/nft, in accordance with its filesystem spec: https://devmanual.gentoo.org/general-concepts/filesystem/ This commit adds the ability to specify the location of the nft binary through the variable nft__bin_location. By default it is set to "/usr/sbin/nft".
parent
97044bc28f
commit
a442b8f637
|
@ -5,6 +5,8 @@
|
|||
* New rules (disable by default) can be define in *forward* chain (thanks to
|
||||
@p-rintz − PR #14).
|
||||
* Possibility to toggle file's backup (thanks to @p-rintz − PR #15).
|
||||
* Gentoo-specific variables
|
||||
* Ability to specify nft binary path through **nft__bin_location**
|
||||
|
||||
### Removed
|
||||
* Remove everything related to **in_udp_accept** (see conversation in PR #13).
|
||||
|
|
|
@ -89,6 +89,7 @@ complexify his philosophy… (I'm pretty sure, i now did complexify it :D) ^^
|
|||
Please see default value by Operating System file in [vars][vars directory] directory.
|
||||
|
||||
* **nft_pkg_list** : The list of package(s) to provide `nftables`.
|
||||
* **nft__bin_location** : Path to `nftables` executable. [default : `/usr/sbin/nft`]
|
||||
|
||||
### Rules Dictionaries
|
||||
|
||||
|
|
|
@ -599,3 +599,13 @@ nft_backup_conf: True
|
|||
# ]]]
|
||||
# ]]]
|
||||
# ]]]
|
||||
# OS specific variables defaults [[[
|
||||
# ----------------------------------
|
||||
|
||||
# .. envvar:: nft__bin_location [[[
|
||||
#
|
||||
# Specify Nftables executable location.
|
||||
#
|
||||
nft__bin_location: '/usr/sbin/nft'
|
||||
# ]]]
|
||||
# ]]]
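Review bot: The comment above `nft__bin_location` says only "Specify Nftables executable location", which does not tell the operator where the value is used or what form it must take. The templates changed in this commit put it in a shebang line and in the `ExecStart=`/`ExecReload=`/`ExecStop=` lines of the service unit, so it has to be a single absolute path with no spaces. I would extend the comment to something like `# Absolute path to the nft executable (no spaces); rendered into the script shebang and the systemd unit's Exec* lines.`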
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#jinja2: lstrip_blocks: "True", trim_blocks: "True"
|
||||
#!/usr/sbin/nft -f
|
||||
#!{{ nft__bin_location }} -f
|
||||
# {{ ansible_managed }}
|
||||
{% set globalmerged = nft_global_default_rules.copy() %}
|
||||
{% set _ = globalmerged.update(nft_global_rules) %}
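Review bot: `nft__bin_location` is rendered unchecked into the shebang on the `#!{{ nft__bin_location }} -f` line, and the same raw interpolation appears in every `Exec*=` line of the service unit template later in this commit. A value containing whitespace or a ` ; ` changes the interpreter line here and splits arguments or commands in the unit, which presumably runs with root privileges since it loads the ruleset. A guard task run before the templates are rendered would reject such values early, for example `- ansible.builtin.assert:` with `that: nft__bin_location is match('^/[A-Za-z0-9._/-]+$')`. The task file is not part of this commit, so where the check belongs has to be confirmed against the role's tasks.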
|
||||
|
|
|
@ -13,13 +13,13 @@ ProtectSystem=full
|
|||
ProtectHome=true
|
||||
{% endif %}
|
||||
{% if nft__fail2ban_service %}
|
||||
ExecStart=/usr/sbin/nft -f {{ nft_main_conf_path }} ; /bin/systemctl restart fail2ban.service
|
||||
ExecReload=/usr/sbin/nft -f {{ nft_main_conf_path }} ; /bin/systemctl restart fail2ban.service
|
||||
ExecStop=/bin/systemctl stop fail2ban.service ; /usr/sbin/nft flush ruleset
|
||||
ExecStart={{ nft__bin_location }} -f {{ nft_main_conf_path }} ; /bin/systemctl restart fail2ban.service
|
||||
ExecReload={{ nft__bin_location }} -f {{ nft_main_conf_path }} ; /bin/systemctl restart fail2ban.service
|
||||
ExecStop=/bin/systemctl stop fail2ban.service ; {{ nft__bin_location }} flush ruleset
|
||||
{% else %}
|
||||
ExecStart=/usr/sbin/nft -f {{ nft_main_conf_path }}
|
||||
ExecReload=/usr/sbin/nft -f {{ nft_main_conf_path }}
|
||||
ExecStop=/usr/sbin/nft flush ruleset
|
||||
ExecStart={{ nft__bin_location }} -f {{ nft_main_conf_path }}
|
||||
ExecReload={{ nft__bin_location }} -f {{ nft_main_conf_path }}
|
||||
ExecStop={{ nft__bin_location }} flush ruleset
|
||||
{% endif %}
|
||||
|
||||
[Install]
|
||||
|
|
|
@ -2,3 +2,4 @@
|
|||
# vars file for Gentoo
|
||||
nft_pkg_list:
|
||||
- net-firewall/nftables
|
||||
nft__bin_location: "/sbin/nft"
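Review bot: Defining `nft__bin_location: "/sbin/nft"` in the Gentoo vars file may prevent a Gentoo user from overriding it through inventory, because role `vars/` files (and `include_vars`, if that is how this file is loaded, which is not visible here) take precedence over both `defaults/` and inventory variables. That sits oddly with the commit's stated goal of letting the path be specified. If the fixed value is intended, a comment on this line would make it explicit, e.g. `# Takes precedence over defaults/main.yml and inventory; override with extra vars (-e) only.`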
|
||||
|
|