Ensure to remove old packages (iptables,…).
This commit is contained in:
parent
e439f6ae5f
commit
f2d586c176
|
|
@ -1,6 +1,9 @@
|
||||||
|
|
||||||
## v1.2
|
## v1.2
|
||||||
|
|
||||||
|
### Features
|
||||||
|
* Ensure to remove old packages (iptables,…).
|
||||||
|
|
||||||
### Fixes
|
### Fixes
|
||||||
* Ensure to create the the directory to store the differents configuration files (/etc/nftables.d).
|
* Ensure to create the the directory to store the differents configuration files (/etc/nftables.d).
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -7,8 +7,8 @@
|
||||||
3. [Example Playbook](#example-playbook)
|
3. [Example Playbook](#example-playbook)
|
||||||
4. [Configuration](#configuration)
|
4. [Configuration](#configuration)
|
||||||
5. [Development](#development)
|
5. [Development](#development)
|
||||||
5. [License](#license)
|
6. [License](#license)
|
||||||
6. [Author Information](#author-information)
|
7. [Author Information](#author-information)
|
||||||
|
|
||||||
## Overview
|
## Overview
|
||||||
|
|
||||||
|
|
@ -20,6 +20,9 @@ Highly inspired by [Mike Gleason firewall role][mikegleasonjr firewall github] (
|
||||||
|
|
||||||
* **nft_pkg_manage** : If `nftables` package(s) should be managed with this role [default : `true`].
|
* **nft_pkg_manage** : If `nftables` package(s) should be managed with this role [default : `true`].
|
||||||
* **nft_pkg_state** : State of new `nftables` package(s) [default : `installed`].
|
* **nft_pkg_state** : State of new `nftables` package(s) [default : `installed`].
|
||||||
|
* **nft_old_pkg_list** : The list of useless packages to remove (such as Iptables,…) [default : `iptables`].
|
||||||
|
* **nft_old_pkg_state** : State of old package(s) [default : `absent`].
|
||||||
|
* **nft_old_pkg_manage** : If old package(s) should be managed with this role [default : `true`].
|
||||||
* **nft_conf_dir_path** : Directory to store the differents Nftables configuration files [default : `/etc/nftables.d`].
|
* **nft_conf_dir_path** : Directory to store the differents Nftables configuration files [default : `/etc/nftables.d`].
|
||||||
* **nft_main_conf_path** : Main configuration file loaded by systemd unit [default : `/etc/nftables.conf`].
|
* **nft_main_conf_path** : Main configuration file loaded by systemd unit [default : `/etc/nftables.conf`].
|
||||||
* **nft_main_conf_content** : Template used to generate the previous main configuration file [default : `etc/nftables.conf.j2`].
|
* **nft_main_conf_content** : Template used to generate the previous main configuration file [default : `etc/nftables.conf.j2`].
|
||||||
|
|
|
||||||
|
|
@ -4,6 +4,9 @@
|
||||||
# packages
|
# packages
|
||||||
nft_pkg_manage: true
|
nft_pkg_manage: true
|
||||||
nft_pkg_state: 'installed'
|
nft_pkg_state: 'installed'
|
||||||
|
nft_old_pkg_list: 'iptables'
|
||||||
|
nft_old_pkg_state: 'absent'
|
||||||
|
nft_old_pkg_manage: true
|
||||||
|
|
||||||
# files
|
# files
|
||||||
nft_conf_dir_path: '/etc/nftables.d'
|
nft_conf_dir_path: '/etc/nftables.d'
|
||||||
|
|
|
||||||
|
|
@ -9,7 +9,7 @@
|
||||||
- "{{ ansible_os_family|lower }}.yml"
|
- "{{ ansible_os_family|lower }}.yml"
|
||||||
|
|
||||||
# package {{{
|
# package {{{
|
||||||
- name: Manage packages
|
- name: INSTALL Manage nftables packages
|
||||||
package:
|
package:
|
||||||
name: '{{ item }}'
|
name: '{{ item }}'
|
||||||
state: '{{ nft_pkg_state }}'
|
state: '{{ nft_pkg_state }}'
|
||||||
|
|
@ -17,6 +17,13 @@
|
||||||
- '{{ nft_pkg_list }}'
|
- '{{ nft_pkg_list }}'
|
||||||
when: nft_pkg_manage
|
when: nft_pkg_manage
|
||||||
|
|
||||||
|
- name: INSTALL Remove iptables packages
|
||||||
|
apt:
|
||||||
|
name: '{{ item }}'
|
||||||
|
state: '{{ nft_old_pkg_state }}'
|
||||||
|
with_items:
|
||||||
|
- '{{ nft_old_pkg_list }}'
|
||||||
|
when: nft_old_pkg_manage
|
||||||
# }}}
|
# }}}
|
||||||
|
|
||||||
# conf {{{
|
# conf {{{
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue