Philipp Rintz
3be5c95180
Add nft_custom_includes option for optional includes in the main filter table.
2021-03-03 13:57:36 +01:00
Jeremy Gardais
4576ec6ed4
Ansible-lint: Fix line longer than 160 chars
2021-01-05 15:58:43 +01:00
Jeremy Gardais
e9a83261fa
Release v1.7.0
2021-01-04 16:53:16 +01:00
Jeremy Gardais
0df963cd86
Merge branch 'p-rintz-master'
2021-01-04 15:23:43 +01:00
Philipp Rintz
639a9f7109
Fix formatting mistake in defaults/main.yml
2020-12-30 17:23:18 +01:00
Philipp Rintz
19ee0ed2bc
Change variable names + add debug toggle.
2020-12-30 17:15:14 +01:00
Philipp Rintz
b3e26a435e
Allow for undefined group variables for merged_groups.
2020-12-01 16:17:01 +01:00
Philipp Rintz
3d5edb45b9
Add additional variables to README
2020-11-29 15:36:26 +01:00
Philipp Rintz
65d7414785
Added merged_groups info to README.
2020-11-29 15:29:22 +01:00
Philipp Rintz
2b61973d1c
Fix error when variables were empty
2020-11-11 15:27:08 +01:00
Philipp Rintz
290a86e906
Support merged firewall rules for multiple groups per host.
- Multiple groups for a single server will now lead to all firewall
rules being merged instead of overwritten.
2020-11-10 21:17:11 +01:00
Jeremy Gardais
6e1c48ee99
Use var to include defines.nft file − Fix #9
2020-06-02 09:22:17 +02:00
Jeremy Gardais
b8d55b5822
Merge branch 'aardbol-patch-4'
2020-06-02 09:15:09 +02:00
Leonardo
f6c6df3dc6
added missing icmpv6 output rule
2020-06-02 09:11:51 +02:00
Jeremy Gardais
472badee55
Merge branch 'aardbol-patch-3'
2020-06-02 09:02:57 +02:00
Leonardo
1f91776374
Another playbook example
It was hard for me to learn how to use the role and override the default rules. Therefore I want to contribute another example.
2020-06-02 09:01:54 +02:00
Jeremy Gardais
1fe24f01e4
Merge branch 'aardbol-patch-1' - input ICMPv6
2020-06-02 08:35:38 +02:00
Leonardo
15c0bf1625
Allow icmp(v6)
Allow pings and icmp traffic for both ipv4 and ipv6
2020-05-24 09:51:27 +02:00
Jeremy Gardais
88348aedab
New v1.6.0 release
2020-04-21 09:57:55 +02:00
Jeremy Gardais
221de0cc89
Reload nftables service to apply new rules
Fix #3 Github
2020-04-21 09:53:57 +02:00
Jeremy Gardais
72551575df
Fix the 10-minute delay at first run (fix #1)!
2020-04-21 08:40:31 +02:00
Jeremy Gardais
74b864e2cb
Block ipv6 multicast by default
2020-04-21 08:31:51 +02:00
Jeremy Gardais
8f36904af7
Add libiptc0 to the list of old packages to remove
libiptc0 is an iptables dependency.
2019-05-31 20:02:19 +02:00
Jeremy Gardais
5dee91df3e
Turn nft_old_pkg_list into a list as expected
2019-05-31 15:28:45 +02:00
Jeremy Gardais
dddc46282d
Merge branch 'JulienVdG-ansible-2-7-deprecation-fix'
2019-05-09 13:53:27 +02:00
Julien Viard de Galbert
5394cedc2a
Fix deprecation warning with ansible 2.7
[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via
squash_actions is deprecated. Instead of using a loop to supply multiple
items and specifying `name: "{{ item }}"`, please use
`name: ['{{ nft_old_pkg_list }}']` and remove the loop.
This feature will be removed in version 2.11.
Signed-off-by: Julien Viard de Galbert <julien@vdg.name>
2019-05-07 00:00:48 +02:00
Jeremy Gardais
7750b03e26
Include set definitions in nat table
2019-04-16 18:57:31 +02:00
Jeremy Gardais
bcc3fc6f85
Manage a NAT table with pre and postrouting chains
2019-04-16 16:11:02 +02:00
Jeremy Gardais
095e03f1b2
Include Nat rules files in main configuration
2019-04-16 15:59:08 +02:00
Jeremy Gardais
63b3bb2c13
Generate Nat table rules files
2019-04-16 15:48:30 +02:00
Jeremy Gardais
b77d492da2
Order and clean comments in defaults/main.yml file
2019-04-16 15:21:48 +02:00
Jeremy Gardais
a5199dc0f2
Clean tasks name and comments in tasks/main.yml file
2019-04-16 14:10:11 +02:00
Jeremy Gardais
4047d64c76
Add a variable to manage custom content (table, include,…)
2019-04-16 11:50:30 +02:00
Jeremy Gardais
b0da91bb73
Improve vars description/comments in default/main
2019-04-15 15:29:48 +02:00
Jeremy Gardais
83675dfe48
Allow to disable "Protect" in systemd unit
2019-03-15 11:13:26 +01:00
Jeremy Gardais
7ace36ed6e
Fix E405 Remote package tasks should have a retry
2019-02-27 13:31:25 +01:00
Jeremy Gardais
2dcf0ab10e
Use to_nice_json to manage packages list
2019-02-27 13:28:27 +01:00
Jeremy Gardais
f47be2bebe
Add possibility to restart Fail2ban service
2018-08-07 11:03:29 +02:00
Jeremy Gardais
fb43eeeb47
Set empty dependencies line to fix Galaxy warning
2018-08-06 15:19:06 +02:00
Jeremy Gardais
bf9a8450b5
The role now might require Ansible 2.5
According to the version available in Debian Stable backports.
2018-08-06 15:11:32 +02:00
Jeremy Gardais
1c3d0284d5
Add an additional level for all vars for all hosts
It can be defined in group_vars/all .
2018-08-06 15:09:20 +02:00
Jeremy Gardais
733b546e56
Fix deprecation warning for state "installed"
2018-07-25 15:09:04 +02:00
Jeremy Gardais
485f7fa83d
Move two tasks in systemd handler (try to fix #1)
Try to fix the long delay at the first run.
2018-07-25 15:08:44 +02:00
Jeremy Gardais
bf9080fcb3
Set a variable to enable/disable Nftables
2018-05-16 14:38:33 +02:00
Jeremy Gardais
0a909641b5
Reload systemd daemons only if unit file change.
2018-02-06 17:28:41 +01:00
Jeremy Gardais
eb93ff65f9
Provide the systemd unit.
2018-02-06 17:17:48 +01:00
Jeremy Gardais
3e69865a56
Rename firewall table to filter table (most used on Debian).
2018-02-06 15:50:31 +01:00
Jeremy Gardais
ead7a337a0
Set's name can't exceed 15 characters!
2018-01-05 15:01:30 +01:00
Jeremy Gardais
38e1d0dabc
Allow icmpv6 outgoing traffic.
2017-08-25 17:05:42 +02:00
Jeremy Gardais
96080445da
Add a warning for the first run.
2017-08-23 15:02:27 +02:00