Ensure to create the the directory to store the differents configuration files (/etc/nftables.d).

2017-08-18 09:18:43 +02:00 · 2017-08-18 09:18:43 +02:00 · e439f6ae5f
parent c70b1bdc91
commit e439f6ae5f
4 changed files with 26 additions and 13 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,4 +1,9 @@

+## v1.2
+
+### Fixes
+* Ensure to create the the directory to store the differents configuration files (/etc/nftables.d).
+
 ## v1.1

 ### Features
--- a/README.md
+++ b/README.md
@ -20,15 +20,16 @@ Highly inspired by [Mike Gleason firewall role][mikegleasonjr firewall github] (

 * **nft_pkg_manage** : If `nftables` package(s) should be managed with this role [default : `true`].
 * **nft_pkg_state** : State of new `nftables` package(s) [default : `installed`].
+* **nft_conf_dir_path** : Directory to store the differents Nftables configuration files [default : `/etc/nftables.d`].
 * **nft_main_conf_path** : Main configuration file loaded by systemd unit [default : `/etc/nftables.conf`].
 * **nft_main_conf_content** : Template used to generate the previous main configuration file [default : `etc/nftables.conf.j2`].
-* **nft_input_conf_path** : Input configuration file include in main configuration file [default : `/etc/nftables.d/filter-input.nft`].
+* **nft_input_conf_path** : Input configuration file include in main configuration file [default : `{{ nft_conf_dir_path }}filter-input.nft`].
 * **nft_input_conf_content** : Template used to generate the previous input configuration file [default : `etc/nftables.d/filter-input.nft.j2`].
+* **nft_output_conf_path** : Output configuration file include in main configuration file [default : `{{ nft_conf_dir_path }}filter-output.nft`].
 * **nft_output_conf_content** : Template used to generate the previous output configuration file [default : `etc/nftables.d/filter-output.nft.j2`].
-* **nft_output_conf_path** : Output configuration file include in main configuration file [default : `/etc/nftables.d/filter-output.nft`].
-* **nft_define_conf_path** : Vars definition file include in main configuration file [default : `/etc/nftables.d/defines.nft`].
+* **nft_define_conf_path** : Vars definition file include in main configuration file [default : `{{ nft_conf_dir_path }}defines.nft`].
 * **nft_define_conf_content** : Template used to generate the previous vars definition file [default : `etc/nftables.d/defines.nft.j2`].
-* **nft_sets_conf_path** : Sets and maps definition file include in main configuration file [default : `/etc/nftables.d/sets.nft`].
+* **nft_sets_conf_path** : Sets and maps definition file include in main configuration file [default : `{{ nft_conf_dir_path }}sets.nft`].
 * **nft_sets_conf_content** : Template used to generate the previous sets and maps definition file [default : `etc/nftables.d/sets.nft.j2`].
 * **nft_global_default_rules** : Set default rules for `global` chain. Other chains will jump to `global` before apply their specific rules.
 * **nft_global_group_rules** : You can add `global` rules or override those defined by **nft_global_default_rules** for a group.
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -6,15 +6,16 @@ nft_pkg_manage: true
 nft_pkg_state: 'installed'

 # files
+nft_conf_dir_path: '/etc/nftables.d'
 nft_main_conf_path: '/etc/nftables.conf'
 nft_main_conf_content: 'etc/nftables.conf.j2'
-nft_input_conf_path: '/etc/nftables.d/filter-input.nft'
+nft_input_conf_path: '{{ nft_conf_dir_path }}/filter-input.nft'
 nft_input_conf_content: 'etc/nftables.d/filter-input.nft.j2'
-nft_output_conf_path: '/etc/nftables.d/filter-output.nft'
+nft_output_conf_path: '{{ nft_conf_dir_path }}/filter-output.nft'
 nft_output_conf_content: 'etc/nftables.d/filter-output.nft.j2'
-nft_define_conf_path: '/etc/nftables.d/defines.nft'
+nft_define_conf_path: '{{ nft_conf_dir_path }}/defines.nft'
 nft_define_conf_content: 'etc/nftables.d/defines.nft.j2'
-nft_set_conf_path: '/etc/nftables.d/sets.nft'
+nft_set_conf_path: '{{ nft_conf_dir_path }}/sets.nft'
 nft_set_conf_content: 'etc/nftables.d/sets.nft.j2'

 # rules
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -20,7 +20,13 @@
 # }}}

 # conf {{{
- name: generate main conf file
+- name: CONFIG create nftables.d dir
+  file:
+    path: "{{ nft_conf_dir_path }}"
+    state: directory
+    mode: 0755
+
+- name: CONFIG generate main conf file
  template:
    src: "{{ nft_main_conf_content }}"
    dest: "{{ nft_main_conf_path }}"
@ -30,7 +36,7 @@
    backup: yes
  notify: restart nftables service

- name: generate input rules file
+- name: CONFIG generate input rules file
  template:
    src: "{{ nft_input_conf_content }}"
    dest: "{{ nft_input_conf_path }}"
@ -40,7 +46,7 @@
    backup: yes
  notify: restart nftables service

- name: generate output rules file
+- name: CONFIG generate output rules file
  template:
    src: "{{ nft_output_conf_content }}"
    dest: "{{ nft_output_conf_path }}"
@ -50,7 +56,7 @@
    backup: yes
  notify: restart nftables service

- name: generate vars definition file
+- name: CONFIG generate vars definition file
  template:
    src: "{{ nft_define_conf_content }}"
    dest: "{{ nft_define_conf_path }}"
@ -60,7 +66,7 @@
    backup: yes
  notify: restart nftables service

- name: generate sets and maps file
+- name: CONFIG generate sets and maps file
  template:
    src: "{{ nft_set_conf_content }}"
    dest: "{{ nft_set_conf_path }}"