Generate main configuration file.

README.md

@@ -17,6 +17,8 @@ A role to manage Nftables rules and packages.
 
 * **nft_pkg_manage** : If `nftables` package(s) should be managed with this role [default : `true`].
 * **nft_pkg_state** : State of new `nftables` package(s) [default : `installed`].
+* **nft_main_conf_path** : Main configuration file loaded by systemd unit [default : `/etc/nftables.conf`].
+* **nft_main_conf_content** : Template used to generate the previous main configuration file [default : `etc/nftables.conf.j2`].
 
 ### OS Specific Variables
 
@@ -38,6 +40,7 @@ Please see default value by Operating System file in [vars][vars directory] dire
 
 This role will :
 * Install `nftables` on the system.
+* Generate a default configuration file loaded by systemd unit.
 
 ## Development
 

defaults/main.yml

@@ -2,5 +2,9 @@
 # defaults file for nftables
 
 # packages
- nft_pkg_manage: true
+nft_pkg_manage: true
- nft_pkg_state: 'installed'
+nft_pkg_state: 'installed'
+
+# conf
+nft_main_conf_path: '/etc/nftables.conf'
+nft_main_conf_content: 'etc/nftables.conf.j2'

tasks/main.yml

@@ -8,6 +8,7 @@
     - "{{ ansible_distribution|lower }}.yml"
     - "{{ ansible_os_family|lower }}.yml"
 
+# package {{{
 - name: Manage packages
   package:
     name: '{{ item }}'
@@ -16,3 +17,16 @@
     - '{{ nft_pkg_list }}'
   when: nft_pkg_manage
 
+# }}}
+
+# conf {{{
+- name: generate main conf file
+  template:
+    src: "{{ nft_main_conf_content }}"
+    dest: "{{ nft_main_conf_path }}"
+    owner: root
+    group: root
+    mode: 0755
+    backup: yes
+
+# }}}

templates/etc/nftables.conf.j2

@@ -0,0 +1,14 @@
+#!/usr/sbin/nft -f
+# {{ ansible_managed }}
+
+# clean
+flush ruleset
+
+table inet firewall {
+	chain input {
+		type filter hook input priority 0;
+	}
+	chain output {
+		type filter hook output priority 0;
+	}
+}