diff --git a/CHANGELOG.md b/CHANGELOG.md index f3b56fd..9d65e50 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,9 @@ +## v1.x + +### Features +* Manage nftables service at startup. + ## v1.0 ### Features diff --git a/README.md b/README.md index 95505dd..9c73a15 100644 --- a/README.md +++ b/README.md @@ -44,6 +44,7 @@ Highly inspired by [Mike Gleason firewall role][mikegleasonjr firewall github] ( * **nft_define_host** : You can add or override existant vars. * **nft_service_manage** : If `nftables` service should be managed with this role [default : `true`]. * **nft_service_name** : `nftables` service name [default : `nftables`]. +* **nft_service_enabled** : Set `nftables` service available at startup [default : `true`]. ### OS Specific Variables @@ -202,6 +203,7 @@ nft_input_group_rules: This role will : * Install `nftables` on the system. +* Enable `nftables` service by default at startup. * Generate a default configuration file which include all following files and loaded by systemd unit. * Generate input and output rules files include called by the main configuration file. * Generate vars in a file and sets and maps in another file. diff --git a/defaults/main.yml b/defaults/main.yml index 008ebec..9b25f1c 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -5,7 +5,7 @@ nft_pkg_manage: true nft_pkg_state: 'installed' -# conf +# files nft_main_conf_path: '/etc/nftables.conf' nft_main_conf_content: 'etc/nftables.conf.j2' nft_input_conf_path: '/etc/nftables.d/filter-input.nft' @@ -74,3 +74,4 @@ nft_set_host: {} # service nft_service_manage: true nft_service_name: 'nftables' +nft_service_enabled: true diff --git a/tasks/main.yml b/tasks/main.yml index 29f0c8d..7211855 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -70,3 +70,12 @@ backup: yes notify: restart nftables service # }}} + +# service {{{ +- name: SERVICE manage '{{ nft_service_name }}' + service: + name: '{{ nft_service_name }}' + state: started + enabled: '{{ nft_service_enabled }}' + when: nft_service_manage +# }}}
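Review bot: The new task's `when: nft_service_manage` tests the variable without the `bool` filter, so a value that arrives as a string (for example `-e nft_service_manage=false`) can evaluate as true, depending on the Ansible version. The firewall service would then be started and enabled even though the operator asked for it to be left alone. I would write `when: nft_service_manage | bool`, and `enabled: '{{ nft_service_enabled | bool }}'` to match. `state: started` is fixed, so the service is started even when `nft_service_enabled` is false; a short comment such as `# started now; nft_service_enabled only controls boot-time activation` would make that explicit. Because starting the service loads the generated ruleset, it is also worth confirming that the template tasks above this hunk (not visible here) check the main file first, for instance with `validate: 'nft -c -f %s'` where practical, so a broken ruleset fails the play rather than the service start.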