cellinfo
/
ansible.nftables
2
0
Fork 0
Code Issues Pull Requests Releases Activity
129 Commits 1 Branch 15 Tags 428 KiB
Commit Graph

129 Commits

Author SHA1 Message Date
Philipp Rintz 3be5c95180
Add nft_custom_includes option for optional includes in the main filter table. 2021-03-03 13:57:36 +01:00
Jeremy Gardais 4576ec6ed4
Ansible-lint: Fix line longer than 160 chars 2021-01-05 15:58:43 +01:00
Jeremy Gardais e9a83261fa
Release v1.7.0 2021-01-04 16:53:16 +01:00
Jeremy Gardais 0df963cd86
Merge branch 'p-rintz-master' 2021-01-04 15:23:43 +01:00
Philipp Rintz 639a9f7109 Fix formatting mistake in defaults/main.yml 2020-12-30 17:23:18 +01:00
Philipp Rintz 19ee0ed2bc Change variable names + add debug toggle. 2020-12-30 17:15:14 +01:00
Philipp Rintz b3e26a435e Allow for undefined group variables for merged_groups. 2020-12-01 16:17:01 +01:00
Philipp Rintz 3d5edb45b9 Add additional variables to README 2020-11-29 15:36:26 +01:00
Philipp Rintz 65d7414785 Added merged_groups info to README. 2020-11-29 15:29:22 +01:00
Philipp Rintz 2b61973d1c Fix error when variables were empty 2020-11-11 15:27:08 +01:00
Philipp Rintz 290a86e906 Support merged firewall rules for multiple groups per host. 
- Multiple groups for a single server will now lead to all firewall
    rules being merged instead of overwritten.
 2020-11-10 21:17:11 +01:00
Jeremy Gardais 6e1c48ee99 Use var to include defines.nft file − Fix #9 2020-06-02 09:22:17 +02:00
Jeremy Gardais b8d55b5822 Merge branch 'aardbol-patch-4' 2020-06-02 09:15:09 +02:00
Leonardo f6c6df3dc6 added missing icmpv6 output rule 2020-06-02 09:11:51 +02:00
Jeremy Gardais 472badee55 Merge branch 'aardbol-patch-3' 2020-06-02 09:02:57 +02:00
Leonardo 1f91776374 Another playbook example 
It was hard for me to learn how to use the role and override the default rules. Therefore I want to contribute another example
 2020-06-02 09:01:54 +02:00
Jeremy Gardais 1fe24f01e4 Merge branch 'aardbol-patch-1' - input ICMPv6 2020-06-02 08:35:38 +02:00
Leonardo 15c0bf1625
Allow icmp(v6) 
Allow pings and icmp traffic for both ipv4 and ipv6
 2020-05-24 09:51:27 +02:00
Jeremy Gardais 88348aedab New v1.6.0 release 2020-04-21 09:57:55 +02:00
Jeremy Gardais 221de0cc89 Reload nftables service to apply new rules 
Fix #3 Github
 2020-04-21 09:53:57 +02:00
Jeremy Gardais 72551575df Fix the 10 minutes delay at first run (fix #1)! 2020-04-21 08:40:31 +02:00
Jeremy Gardais 74b864e2cb Block ipv6 multicast by default 2020-04-21 08:31:51 +02:00
Jeremy Gardais 8f36904af7
Add libiptc0 to the list of old package to remove 
libiptc0 is an iptables dependency.
 2019-05-31 20:02:19 +02:00
Jeremy Gardais 5dee91df3e
Turn nft_old_pkg_list into a list as expected 2019-05-31 15:28:45 +02:00
Jeremy Gardais dddc46282d
Merge branch 'JulienVdG-ansible-2-7-deprecation-fix' 2019-05-09 13:53:27 +02:00
Julien Viard de Galbert 5394cedc2a Fix deprecation warning with ansible 2.7 
[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via
squash_actions is deprecated. Instead of using a loop to supply multiple
items and specifying `name: "{{ item }}"`, please use
`name: ['{{ nft_old_pkg_list }}']` and remove the loop.
This feature will be removed in version 2.11.

Signed-off-by: Julien Viard de Galbert <julien@vdg.name>
 2019-05-07 00:00:48 +02:00
Jeremy Gardais 7750b03e26
Include set definitions in nat table 2019-04-16 18:57:31 +02:00
Jeremy Gardais bcc3fc6f85
Manage a NAT table with pre and postrouting chains 2019-04-16 16:11:02 +02:00
Jeremy Gardais 095e03f1b2
Include Nat rules files in main configuration 2019-04-16 15:59:08 +02:00
Jeremy Gardais 63b3bb2c13
Generate Nat table rules files 2019-04-16 15:48:30 +02:00
Jeremy Gardais b77d492da2
Order and clean comments in defaults/main.yml file 2019-04-16 15:21:48 +02:00
Jeremy Gardais a5199dc0f2
Clean tasks name and comments in tasks/main.yml file 2019-04-16 14:10:11 +02:00
Jeremy Gardais 4047d64c76
Add a variable to manage custom content (table, include,…) 2019-04-16 11:50:30 +02:00
Jeremy Gardais b0da91bb73
Improve vars description/comments in default/main 2019-04-15 15:29:48 +02:00
Jeremy Gardais 83675dfe48
Allow to disable "Protect" in systemd unit 2019-03-15 11:13:26 +01:00
Jeremy Gardais 7ace36ed6e
Fix E405 Remote package tasks should have a retry 2019-02-27 13:31:25 +01:00
Jeremy Gardais 2dcf0ab10e
Use to_nice_json to manage packages list 2019-02-27 13:28:27 +01:00
Jeremy Gardais f47be2bebe
Add possibility to restart Fail2ban service 2018-08-07 11:03:29 +02:00
Jeremy Gardais fb43eeeb47
Set empty dependencies line to fix Galaxy warning 2018-08-06 15:19:06 +02:00
Jeremy Gardais bf9a8450b5
The role now might require Ansible 2.5 
According to the version available in Debian Stable backports.
 2018-08-06 15:11:32 +02:00
Jeremy Gardais 1c3d0284d5
Add a additionnal level for all vars for all hosts 
It can be defined in group_vars/all .
 2018-08-06 15:09:20 +02:00
Jeremy Gardais 733b546e56
Fix deprecation warning for state "installed" 2018-07-25 15:09:04 +02:00
Jeremy Gardais 485f7fa83d
Move two task in systemd handler (try to fix #1) 
Try to fix the long delay at the first run.
 2018-07-25 15:08:44 +02:00
Jeremy Gardais bf9080fcb3
Set a variable to enable/disable Nftables 2018-05-16 14:38:33 +02:00
Jeremy Gardais 0a909641b5 Reload systemd daemons only if unit file change. 2018-02-06 17:28:41 +01:00
Jeremy Gardais eb93ff65f9 Provide the systemd unit. 2018-02-06 17:17:48 +01:00
Jeremy Gardais 3e69865a56 Rename firewall table to filter table (most use on Debian). 2018-02-06 15:50:31 +01:00
Jeremy Gardais ead7a337a0 Set's name can't exceed 15 characters ! 2018-01-05 15:01:30 +01:00
Jeremy Gardais 38e1d0dabc Allow icmpv6 outgoing traffic. 2017-08-25 17:05:42 +02:00
Jeremy Gardais 96080445da Add a warning for the first run. 2017-08-23 15:02:27 +02:00