Commit Graph

143 Commits

Author SHA1 Message Date
Vladimir Timofeenko 97044bc28f
Added default variables for Gentoo
Gentoo package name for nftables is 'net-firewall/nftables'
2021-08-06 16:20:49 -07:00
Jeremy Gardais adc627ebc0 Merge remote-tracking branch 'github/add_molecule' 2021-08-06 16:09:20 +02:00
Paweł Krawczyk 564038c06e
Add Molecule test scenario 2021-08-06 10:28:16 +01:00
Paweł Krawczyk eafc04a360
Version should be string (ansible-lint) 2021-08-06 10:27:44 +01:00
Jeremy Gardais 0cb79c2a47
Update CHANGELOG.md 2021-03-12 10:32:25 +01:00
Jeremy Gardais a71b9c3a62
Merge branch 'p-rintz-backup_toggle' 2021-03-12 10:23:30 +01:00
Jeremy Gardais 7639f2bbbf
Merge branch 'backup_toggle' of https://github.com/p-rintz/nftables into p-rintz-backup_toggle 2021-03-12 09:54:06 +01:00
Jeremy Gardais f7dffda808
Merge branch 'p-rintz-feature_forwarding' 2021-03-12 09:42:10 +01:00
Philipp Rintz ab5c105419
Make config backup configurable by using nft_backup_conf variable. 2021-03-12 09:28:45 +01:00
Jeremy Gardais 60b7d49555
Merge branch 'feature_forwarding' of https://github.com/p-rintz/nftables into p-rintz-feature_forwarding 2021-03-09 18:02:31 +01:00
Jeremy Gardais db3fbdc9b4
New example use cases (mostly for playbooks) 2021-03-09 17:55:55 +01:00
Jeremy Gardais 9eff3cd1d0
Remove everything related to in_udp_accept
See conversation in PR #13 (summary: because it was empty by
default and the role currently doesn't manage it well)
2021-03-04 10:36:17 +01:00
Philipp Rintz 51d768539f
Add forward chain variables to README.md 2021-03-03 13:57:36 +01:00
Philipp Rintz e0658c0661
Added the option to manage the forwarding firewall table. 2021-03-03 13:57:36 +01:00
Philipp Rintz 3be5c95180
Add nft_custom_includes option for optional includes in the main filter table. 2021-03-03 13:57:36 +01:00
Jeremy Gardais 4576ec6ed4
Ansible-lint: Fix line longer than 160 chars 2021-01-05 15:58:43 +01:00
Jeremy Gardais e9a83261fa
Release v1.7.0 2021-01-04 16:53:16 +01:00
Jeremy Gardais 0df963cd86
Merge branch 'p-rintz-master' 2021-01-04 15:23:43 +01:00
Philipp Rintz 639a9f7109 Fix formatting mistake in defaults/main.yml 2020-12-30 17:23:18 +01:00
Philipp Rintz 19ee0ed2bc Change variable names + add debug toggle. 2020-12-30 17:15:14 +01:00
Philipp Rintz b3e26a435e Allow for undefined group variables for merged_groups. 2020-12-01 16:17:01 +01:00
Philipp Rintz 3d5edb45b9 Add additional variables to README 2020-11-29 15:36:26 +01:00
Philipp Rintz 65d7414785 Added merged_groups info to README. 2020-11-29 15:29:22 +01:00
Philipp Rintz 2b61973d1c Fix error when variables were empty 2020-11-11 15:27:08 +01:00
Philipp Rintz 290a86e906 Support merged firewall rules for multiple groups per host.
- Multiple groups for a single server will now lead to all firewall
    rules being merged instead of overwritten.
2020-11-10 21:17:11 +01:00
Jeremy Gardais 6e1c48ee99 Use var to include defines.nft file − Fix #9 2020-06-02 09:22:17 +02:00
Jeremy Gardais b8d55b5822 Merge branch 'aardbol-patch-4' 2020-06-02 09:15:09 +02:00
Leonardo f6c6df3dc6 added missing icmpv6 output rule 2020-06-02 09:11:51 +02:00
Jeremy Gardais 472badee55 Merge branch 'aardbol-patch-3' 2020-06-02 09:02:57 +02:00
Leonardo 1f91776374 Another playbook example
It was hard for me to learn how to use the role and override the default rules. Therefore I want to contribute another example.
2020-06-02 09:01:54 +02:00
Jeremy Gardais 1fe24f01e4 Merge branch 'aardbol-patch-1' - input ICMPv6 2020-06-02 08:35:38 +02:00
Leonardo 15c0bf1625
Allow icmp(v6)
Allow pings and icmp traffic for both ipv4 and ipv6
2020-05-24 09:51:27 +02:00
Jeremy Gardais 88348aedab New v1.6.0 release 2020-04-21 09:57:55 +02:00
Jeremy Gardais 221de0cc89 Reload nftables service to apply new rules
Fix #3 Github
2020-04-21 09:53:57 +02:00
Jeremy Gardais 72551575df Fix the 10 minutes delay at first run (fix #1)! 2020-04-21 08:40:31 +02:00
Jeremy Gardais 74b864e2cb Block ipv6 multicast by default 2020-04-21 08:31:51 +02:00
Jeremy Gardais 8f36904af7
Add libiptc0 to the list of old packages to remove
libiptc0 is an iptables dependency.
2019-05-31 20:02:19 +02:00
Jeremy Gardais 5dee91df3e
Turn nft_old_pkg_list into a list as expected 2019-05-31 15:28:45 +02:00
Jeremy Gardais dddc46282d
Merge branch 'JulienVdG-ansible-2-7-deprecation-fix' 2019-05-09 13:53:27 +02:00
Julien Viard de Galbert 5394cedc2a Fix deprecation warning with ansible 2.7
[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via
squash_actions is deprecated. Instead of using a loop to supply multiple
items and specifying `name: "{{ item }}"`, please use
`name: ['{{ nft_old_pkg_list }}']` and remove the loop.
This feature will be removed in version 2.11.

Signed-off-by: Julien Viard de Galbert <julien@vdg.name>
2019-05-07 00:00:48 +02:00
Jeremy Gardais 7750b03e26
Include set definitions in nat table 2019-04-16 18:57:31 +02:00
Jeremy Gardais bcc3fc6f85
Manage a NAT table with pre and postrouting chains 2019-04-16 16:11:02 +02:00
Jeremy Gardais 095e03f1b2
Include Nat rules files in main configuration 2019-04-16 15:59:08 +02:00
Jeremy Gardais 63b3bb2c13
Generate Nat table rules files 2019-04-16 15:48:30 +02:00
Jeremy Gardais b77d492da2
Order and clean comments in defaults/main.yml file 2019-04-16 15:21:48 +02:00
Jeremy Gardais a5199dc0f2
Clean task names and comments in tasks/main.yml file 2019-04-16 14:10:11 +02:00
Jeremy Gardais 4047d64c76
Add a variable to manage custom content (table, include,…) 2019-04-16 11:50:30 +02:00
Jeremy Gardais b0da91bb73
Improve vars description/comments in default/main 2019-04-15 15:29:48 +02:00
Jeremy Gardais 83675dfe48
Allow to disable "Protect" in systemd unit 2019-03-15 11:13:26 +01:00
Jeremy Gardais 7ace36ed6e
Fix E405 Remote package tasks should have a retry 2019-02-27 13:31:25 +01:00