Leonardo
|
1f91776374
|
Another playbook example
It was hard for me to learn how to use the role and override the default rules. Therefore I want to contribute another example
|
2020-06-02 09:01:54 +02:00 |
 Jeremy Gardais
|
221de0cc89
|
Reload nftables service to apply new rules
Fix #3 Github
|
2020-04-21 09:53:57 +02:00 |
|
Jeremy Gardais
|
72551575df
|
Fix the 10 minutes delay at first run (fix #1)!
|
2020-04-21 08:40:31 +02:00 |
|
Jeremy Gardais
|
bcc3fc6f85
|
Manage a NAT table with pre and postrouting chains
|
2019-04-16 16:11:02 +02:00 |
|
Jeremy Gardais
|
4047d64c76
|
Add a variable to manage custom content (table, include,…)
|
2019-04-16 11:50:30 +02:00 |
|
Jeremy Gardais
|
83675dfe48
|
Allow to disable "Protect" in systemd unit
|
2019-03-15 11:13:26 +01:00 |
|
Jeremy Gardais
|
f47be2bebe
|
Add possibility to restart Fail2ban service
|
2018-08-07 11:03:29 +02:00 |
|
Jeremy Gardais
|
1c3d0284d5
|
Add a additionnal level for all vars for all hosts
It can be defined in group_vars/all .
|
2018-08-06 15:09:20 +02:00 |
|
Jeremy Gardais
|
733b546e56
|
Fix deprecation warning for state "installed"
|
2018-07-25 15:09:04 +02:00 |
|
Jeremy Gardais
|
bf9080fcb3
|
Set a variable to enable/disable Nftables
|
2018-05-16 14:38:33 +02:00 |
|
Jeremy Gardais
|
3e69865a56
|
Rename firewall table to filter table (most use on Debian).
|
2018-02-06 15:50:31 +01:00 |
|
Jeremy Gardais
|
ead7a337a0
|
Set's name can't exceed 15 characters !
|
2018-01-05 15:01:30 +01:00 |
|
Jeremy Gardais
|
96080445da
|
Add a warning for the first run.
|
2017-08-23 15:02:27 +02:00 |
|
Jeremy Gardais
|
f2d586c176
|
Ensure to remove old packages (iptables,…).
|
2017-08-18 09:25:28 +02:00 |
|
Jeremy Gardais
|
e439f6ae5f
|
Ensure to create the the directory to store the differents configuration files (/etc/nftables.d).
|
2017-08-18 09:18:43 +02:00 |
|
Jeremy Gardais
|
93e4a2e939
|
Allow outgoing OpenPGP HTTP requests.
|
2017-08-11 13:46:50 +02:00 |
|
Jeremy Gardais
|
b831267b8e
|
Define new sets and vars for input connections.
|
2017-08-09 17:17:03 +02:00 |
|
Jeremy Gardais
|
4beb9019de
|
Remove DHCP incoming packets. The connection is started by the host, don't need incoming rule.
|
2017-08-09 16:08:52 +02:00 |
|
Jeremy Gardais
|
5dd7ea7a5d
|
Allow outgoing icmp.
|
2017-08-09 16:04:54 +02:00 |
|
Jeremy Gardais
|
74d068a92c
|
Rollback to inet family (for ipv4 and ipv6).
|
2017-08-09 15:01:35 +02:00 |
|
Jeremy Gardais
|
2aafa3c320
|
Define new sets and vars for output to avoid multiple redifinition of
the dicts.
|
2017-08-09 14:56:40 +02:00 |
|
Jeremy Gardais
|
f5f4b83a84
|
Manage nftables service at startup.
|
2017-08-09 14:27:07 +02:00 |
|
Jeremy Gardais
|
6b6a3a1794
|
Use 'ip' family as default for the firewall table.
|
2017-08-09 11:18:49 +02:00 |
|
Jeremy Gardais
|
7a36fddf38
|
Allow localhost traffic.
|
2017-08-09 11:05:00 +02:00 |
|
Jeremy Gardais
|
9ba41af525
|
Allow DHCP communication by default.
|
2017-08-09 11:02:14 +02:00 |
|
Jeremy Gardais
|
e018e439bb
|
Set output default policy to drop and allow DNS request.
|
2017-08-09 10:34:29 +02:00 |
|
Jeremy Gardais
|
c711ec53eb
|
Move output rules to a specific file.
|
2017-08-08 15:35:05 +02:00 |
|
Jeremy Gardais
|
19acb4cb22
|
Allow SSH input by default.
|
2017-08-08 14:53:29 +02:00 |
|
Jeremy Gardais
|
84fd89f6e6
|
Block all input packets destinate to blackhole set by default.
|
2017-08-08 14:37:54 +02:00 |
|
Jeremy Gardais
|
043bc55dcb
|
Manage sets and maps definitions in a specific file.
|
2017-08-08 14:32:59 +02:00 |
|
Jeremy Gardais
|
983e77df5d
|
Rename nft_input_conf file.
|
2017-08-08 13:42:44 +02:00 |
|
Jeremy Gardais
|
f1d2f6582f
|
Add possibility to have nftables vars.
|
2017-08-08 12:11:58 +02:00 |
|
Jeremy Gardais
|
4fdf3232c3
|
Add an example playbook.
|
2017-08-07 17:59:21 +02:00 |
|
Jeremy Gardais
|
2611dce9d9
|
Manage input rule with dict.
|
2017-08-07 17:50:11 +02:00 |
|
Jeremy Gardais
|
5ff44ffcfa
|
Move input rules to a specific file.
|
2017-08-07 17:37:41 +02:00 |
|
Jeremy Gardais
|
817e6d46fd
|
Thanks to Mike Gleason inspiration in his role !
|
2017-08-07 17:16:09 +02:00 |
|
Jeremy Gardais
|
98d2bf82db
|
Add dict to manage global config rules.
|
2017-08-07 17:07:35 +02:00 |
|
Jeremy Gardais
|
1c1013067d
|
Notify `nftables` service when configuration file is modified.
|
2017-08-07 14:14:14 +02:00 |
|
Jeremy Gardais
|
bc6f69fc59
|
Generate main configuration file.
|
2017-08-07 13:48:54 +02:00 |
|
Jeremy Gardais
|
df57dc8042
|
Install nftables.
|
2017-08-07 12:09:13 +02:00 |