Commit Graph

37 Commits

Author SHA1 Message Date
Jeremy Gardais 1a5e044ebb
Move systemd "Protect" options to override file
Rebase after Gentoo related commits
2021-08-13 11:51:54 +02:00
Jeremy Gardais 477f4f722c
Ensure to disable nftables unit from old target 2021-08-13 11:50:41 +02:00
Jeremy Gardais ac61739f91
Automatically add overrides for fail2ban unit 2021-08-13 11:50:40 +02:00
Jeremy Gardais 28cf15ee42
Manage Fail2ban in the "systemd way"
Thanks to @FinweVI !

Rebase after Gentoo related commits
2021-08-13 11:48:27 +02:00
Paweł Krawczyk 3b55e70281
Remove empty lines (yamllint) 2021-08-07 23:35:43 +01:00
Paweł Krawczyk 06c594f11b
Debug os family detection in GitHub Actions 2021-08-07 13:32:43 +01:00
Paweł Krawczyk 6084cfce83
Add task names as required by ansible-lint 2021-08-07 12:18:09 +01:00
Paweł Krawczyk 8fad9d75fd
Update cache on package install 2021-08-07 11:47:32 +01:00
Jeremy Gardais 7639f2bbbf
Merge branch 'backup_toggle' of https://github.com/p-rintz/nftables into p-rintz-backup_toggle 2021-03-12 09:54:06 +01:00
Philipp Rintz ab5c105419
Make config backup configurable by using nft_backup_conf variable. 2021-03-12 09:28:45 +01:00
Jeremy Gardais 60b7d49555
Merge branch 'feature_forwarding' of https://github.com/p-rintz/nftables into p-rintz-feature_forwarding 2021-03-09 18:02:31 +01:00
Philipp Rintz e0658c0661
Added the option to manage the forwarding firewall table. 2021-03-03 13:57:36 +01:00
Jeremy Gardais 4576ec6ed4
Ansible-lint: Fix line longer than 160 chars 2021-01-05 15:58:43 +01:00
Philipp Rintz 19ee0ed2bc Change variable names + add debug toggle. 2020-12-30 17:15:14 +01:00
Philipp Rintz b3e26a435e Allow for undefined group variables for merged_groups. 2020-12-01 16:17:01 +01:00
Philipp Rintz 2b61973d1c Fix error when variables were empty 2020-11-11 15:27:08 +01:00
Philipp Rintz 290a86e906 Support merged firewall rules for multiple groups per host.
- Multiple groups for a single server will now lead to all firewall
    rules being merged instead of overwritten.
2020-11-10 21:17:11 +01:00
Jeremy Gardais 221de0cc89 Reload nftables service to apply new rules
Fix #3 GitHub
2020-04-21 09:53:57 +02:00
Julien Viard de Galbert 5394cedc2a Fix deprecation warning with ansible 2.7
[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via
squash_actions is deprecated. Instead of using a loop to supply multiple
items and specifying `name: "{{ item }}"`, please use
`name: ['{{ nft_old_pkg_list }}']` and remove the loop.
This feature will be removed in version 2.11.

Signed-off-by: Julien Viard de Galbert <julien@vdg.name>
2019-05-07 00:00:48 +02:00
Jeremy Gardais 63b3bb2c13
Generate Nat table rules files 2019-04-16 15:48:30 +02:00
Jeremy Gardais a5199dc0f2
Clean task names and comments in tasks/main.yml file 2019-04-16 14:10:11 +02:00
Jeremy Gardais 7ace36ed6e
Fix E405 Remote package tasks should have a retry 2019-02-27 13:31:25 +01:00
Jeremy Gardais 2dcf0ab10e
Use to_nice_json to manage packages list 2019-02-27 13:28:27 +01:00
Jeremy Gardais 485f7fa83d
Move two tasks in systemd handler (try to fix #1)
Try to fix the long delay at the first run.
2018-07-25 15:08:44 +02:00
Jeremy Gardais bf9080fcb3
Set a variable to enable/disable Nftables 2018-05-16 14:38:33 +02:00
Jeremy Gardais 0a909641b5 Reload systemd daemons only if unit file changes. 2018-02-06 17:28:41 +01:00
Jeremy Gardais eb93ff65f9 Provide the systemd unit. 2018-02-06 17:17:48 +01:00
Jeremy Gardais f2d586c176 Ensure to remove old packages (iptables,…). 2017-08-18 09:25:28 +02:00
Jeremy Gardais e439f6ae5f Ensure to create the directory to store the different configuration files (/etc/nftables.d). 2017-08-18 09:18:43 +02:00
Jeremy Gardais f5f4b83a84 Manage nftables service at startup. 2017-08-09 14:27:07 +02:00
Jeremy Gardais c711ec53eb Move output rules to a specific file. 2017-08-08 15:35:05 +02:00
Jeremy Gardais 043bc55dcb Manage sets and maps definitions in a specific file. 2017-08-08 14:32:59 +02:00
Jeremy Gardais f1d2f6582f Add possibility to have nftables vars. 2017-08-08 12:11:58 +02:00
Jeremy Gardais 5ff44ffcfa Move input rules to a specific file. 2017-08-07 17:37:41 +02:00
Jeremy Gardais 1c1013067d Notify `nftables` service when configuration file is modified. 2017-08-07 14:14:14 +02:00
Jeremy Gardais bc6f69fc59 Generate main configuration file. 2017-08-07 13:48:54 +02:00
Jeremy Gardais df57dc8042 Install nftables. 2017-08-07 12:09:13 +02:00