diff --git a/CHANGELOG.md b/CHANGELOG.md index 0afc327..9804b2c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,9 @@ +## v1.2 + +### Fixes +* Ensure to create the the directory to store the differents configuration files (/etc/nftables.d). + ## v1.1 ### Features diff --git a/README.md b/README.md index 40327fc..ec91d59 100644 --- a/README.md +++ b/README.md 
@@ -20,15 +20,16 @@ Highly inspired by [Mike Gleason firewall role][mikegleasonjr firewall github] ( * **nft_pkg_manage** : If `nftables` package(s) should be managed with this role [default : `true`]. * **nft_pkg_state** : State of new `nftables` package(s) [default : `installed`]. +* **nft_conf_dir_path** : Directory to store the differents Nftables configuration files [default : `/etc/nftables.d`]. * **nft_main_conf_path** : Main configuration file loaded by systemd unit [default : `/etc/nftables.conf`]. * **nft_main_conf_content** : Template used to generate the previous main configuration file [default : `etc/nftables.conf.j2`]. -* **nft_input_conf_path** : Input configuration file include in main configuration file [default : `/etc/nftables.d/filter-input.nft`]. +* **nft_input_conf_path** : Input configuration file include in main configuration file [default : `{{ nft_conf_dir_path }}filter-input.nft`]. * **nft_input_conf_content** : Template used to generate the previous input configuration file [default : `etc/nftables.d/filter-input.nft.j2`]. +* **nft_output_conf_path** : Output configuration file include in main configuration file [default : `{{ nft_conf_dir_path }}filter-output.nft`]. * **nft_output_conf_content** : Template used to generate the previous output configuration file [default : `etc/nftables.d/filter-output.nft.j2`]. -* **nft_output_conf_path** : Output configuration file include in main configuration file [default : `/etc/nftables.d/filter-output.nft`]. -* **nft_define_conf_path** : Vars definition file include in main configuration file [default : `/etc/nftables.d/defines.nft`]. +* **nft_define_conf_path** : Vars definition file include in main configuration file [default : `{{ nft_conf_dir_path }}defines.nft`]. * **nft_define_conf_content** : Template used to generate the previous vars definition file [default : `etc/nftables.d/defines.nft.j2`]. 
-* **nft_sets_conf_path** : Sets and maps definition file include in main configuration file [default : `/etc/nftables.d/sets.nft`]. +* **nft_sets_conf_path** : Sets and maps definition file include in main configuration file [default : `{{ nft_conf_dir_path }}sets.nft`]. * **nft_sets_conf_content** : Template used to generate the previous sets and maps definition file [default : `etc/nftables.d/sets.nft.j2`]. * **nft_global_default_rules** : Set default rules for `global` chain. Other chains will jump to `global` before apply their specific rules. * **nft_global_group_rules** : You can add `global` rules or override those defined by **nft_global_default_rules** for a group. diff --git a/defaults/main.yml b/defaults/main.yml index 1cbf118..7ff64f0 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -6,15 +6,16 @@ nft_pkg_manage: true nft_pkg_state: 'installed' # files +nft_conf_dir_path: '/etc/nftables.d' nft_main_conf_path: '/etc/nftables.conf' nft_main_conf_content: 'etc/nftables.conf.j2' -nft_input_conf_path: '/etc/nftables.d/filter-input.nft' +nft_input_conf_path: '{{ nft_conf_dir_path }}/filter-input.nft' nft_input_conf_content: 'etc/nftables.d/filter-input.nft.j2' -nft_output_conf_path: '/etc/nftables.d/filter-output.nft' +nft_output_conf_path: '{{ nft_conf_dir_path }}/filter-output.nft' nft_output_conf_content: 'etc/nftables.d/filter-output.nft.j2' -nft_define_conf_path: '/etc/nftables.d/defines.nft' +nft_define_conf_path: '{{ nft_conf_dir_path }}/defines.nft' nft_define_conf_content: 'etc/nftables.d/defines.nft.j2' -nft_set_conf_path: '/etc/nftables.d/sets.nft' +nft_set_conf_path: '{{ nft_conf_dir_path }}/sets.nft' nft_set_conf_content: 'etc/nftables.d/sets.nft.j2' # rules diff --git a/tasks/main.yml b/tasks/main.yml index 7211855..ecceff0 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
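Review bot: The README hunk in the same commit documents these new defaults as `{{ nft_conf_dir_path }}filter-input.nft` (and likewise for the output, defines and sets files) without the `/` separator, whereas the defaults here correctly use `{{ nft_conf_dir_path }}/filter-input.nft`; the README lines should be changed to match, otherwise anyone copying the documented value ends up with `/etc/nftables.dfilter-input.nft`. A pre-existing mismatch is also visible: the README calls the variable `nft_sets_conf_path` while the default defined here is `nft_set_conf_path`, so an override using the documented name would silently have no effect. It may be worth documenting in a comment next to `nft_conf_dir_path` that it is expected without a trailing slash, e.g. `# directory for the included rule files; no trailing slash, paths below append "/<file>"`.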
@@ -20,7 +20,13 @@ # }}} # conf {{{ -- name: generate main conf file +- name: CONFIG create nftables.d dir + file: + path: "{{ nft_conf_dir_path }}" + state: directory + mode: 0755 + +- name: CONFIG generate main conf file template: src: "{{ nft_main_conf_content }}" dest: "{{ nft_main_conf_path }}" @@ -30,7 +36,7 @@ backup: yes notify: restart nftables service -- name: generate input rules file +- name: CONFIG generate input rules file template: src: "{{ nft_input_conf_content }}" dest: "{{ nft_input_conf_path }}" @@ -40,7 +46,7 @@ backup: yes notify: restart nftables service -- name: generate output rules file +- name: CONFIG generate output rules file template: src: "{{ nft_output_conf_content }}" dest: "{{ nft_output_conf_path }}" @@ -50,7 +56,7 @@ backup: yes notify: restart nftables service -- name: generate vars definition file +- name: CONFIG generate vars definition file template: src: "{{ nft_define_conf_content }}" dest: "{{ nft_define_conf_path }}" @@ -60,7 +66,7 @@ backup: yes notify: restart nftables service -- name: generate sets and maps file +- name: CONFIG generate sets and maps file template: src: "{{ nft_set_conf_content }}" dest: "{{ nft_set_conf_path }}"
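Review bot: The new `CONFIG create nftables.d dir` task sets `mode: 0755` as an unquoted YAML scalar and sets no `owner`/`group`; YAML 1.1 parses `0755` as octal 493 so it works today, but ansible-lint flags the unquoted form (risky-octal) and a later edit to `755` would silently become mode 1363, and ownership falls back to whatever user runs the play. Since this directory holds the rule files that the main configuration includes, I would pin it explicitly: `owner: root`, `group: root`, `mode: '0755'`. Also note that only `nft_conf_dir_path` is created, while each `nft_*_conf_path` is independently overridable; if a user points one of them at another directory, the corresponding `template` task will fail on a missing parent — presumably acceptable, but worth a comment such as `# only nft_conf_dir_path is created; custom nft_*_conf_path values must point inside an existing directory`. The surrounding task list continues outside this hunk.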