Philipp Rintz
|
e0658c0661
|
Added the option to manage the forwarding firewall table.
|
2021-03-03 13:57:36 +01:00 |
Philipp Rintz
|
3be5c95180
|
Add nft_custom_includes option for optional includes in the main filter table.
|
2021-03-03 13:57:36 +01:00 |
Jeremy Gardais
|
e9a83261fa
|
Release v1.7.0
|
2021-01-04 16:53:16 +01:00 |
Philipp Rintz
|
639a9f7109
|
Fix formatting mistake in defaults/main.yml
|
2020-12-30 17:23:18 +01:00 |
Philipp Rintz
|
19ee0ed2bc
|
Change variable names + add debug toggle.
|
2020-12-30 17:15:14 +01:00 |
Philipp Rintz
|
290a86e906
|
Support merged firewall rules for multiple groups per host.
- Multiple groups for a single server will now lead to all firewall
rules being merged instead of overwritten.
|
2020-11-10 21:17:11 +01:00 |
Leonardo
|
15c0bf1625
|
Allow icmp(v6)
Allow pings and icmp traffic for both ipv4 and ipv6
|
2020-05-24 09:51:27 +02:00 |
Jeremy Gardais
|
72551575df
|
Fix the 10-minute delay at first run (fix #1)!
|
2020-04-21 08:40:31 +02:00 |
Jeremy Gardais
|
74b864e2cb
|
Block ipv6 multicast by default
|
2020-04-21 08:31:51 +02:00 |
Jeremy Gardais
|
8f36904af7
|
Add libiptc0 to the list of old packages to remove
libiptc0 is an iptables dependency.
|
2019-05-31 20:02:19 +02:00 |
Jeremy Gardais
|
5dee91df3e
|
Turn nft_old_pkg_list into a list as expected
|
2019-05-31 15:28:45 +02:00 |
Jeremy Gardais
|
63b3bb2c13
|
Generate Nat table rules files
|
2019-04-16 15:48:30 +02:00 |
Jeremy Gardais
|
b77d492da2
|
Order and clean comments in defaults/main.yml file
|
2019-04-16 15:21:48 +02:00 |
Jeremy Gardais
|
4047d64c76
|
Add a variable to manage custom content (table, include,…)
|
2019-04-16 11:50:30 +02:00 |
Jeremy Gardais
|
b0da91bb73
|
Improve vars description/comments in default/main
|
2019-04-15 15:29:48 +02:00 |
Jeremy Gardais
|
83675dfe48
|
Allow to disable "Protect" in systemd unit
|
2019-03-15 11:13:26 +01:00 |
Jeremy Gardais
|
f47be2bebe
|
Add possibility to restart Fail2ban service
|
2018-08-07 11:03:29 +02:00 |
Jeremy Gardais
|
1c3d0284d5
|
Add an additional level for all vars for all hosts
It can be defined in group_vars/all .
|
2018-08-06 15:09:20 +02:00 |
Jeremy Gardais
|
733b546e56
|
Fix deprecation warning for state "installed"
|
2018-07-25 15:09:04 +02:00 |
Jeremy Gardais
|
bf9080fcb3
|
Set a variable to enable/disable Nftables
|
2018-05-16 14:38:33 +02:00 |
Jeremy Gardais
|
eb93ff65f9
|
Provide the systemd unit.
|
2018-02-06 17:17:48 +01:00 |
Jeremy Gardais
|
ead7a337a0
|
Set's name can't exceed 15 characters!
|
2018-01-05 15:01:30 +01:00 |
Jeremy Gardais
|
38e1d0dabc
|
Allow icmpv6 outgoing traffic.
|
2017-08-25 17:05:42 +02:00 |
Jeremy Gardais
|
f2d586c176
|
Ensure to remove old packages (iptables,…).
|
2017-08-18 09:25:28 +02:00 |
Jeremy Gardais
|
e439f6ae5f
|
Ensure to create the directory to store the different configuration files (/etc/nftables.d).
|
2017-08-18 09:18:43 +02:00 |
Jeremy Gardais
|
93e4a2e939
|
Allow outgoing OpenPGP HTTP requests.
|
2017-08-11 13:46:50 +02:00 |
Jeremy Gardais
|
b831267b8e
|
Define new sets and vars for input connections.
|
2017-08-09 17:17:03 +02:00 |
Jeremy Gardais
|
4beb9019de
|
Remove DHCP incoming packets. The connection is started by the host; an incoming rule is not needed.
|
2017-08-09 16:08:52 +02:00 |
Jeremy Gardais
|
5dd7ea7a5d
|
Allow outgoing icmp.
|
2017-08-09 16:04:54 +02:00 |
Jeremy Gardais
|
2aafa3c320
|
Define new sets and vars for output to avoid multiple redefinition of
the dicts.
|
2017-08-09 14:56:40 +02:00 |
Jeremy Gardais
|
f5f4b83a84
|
Manage nftables service at startup.
|
2017-08-09 14:27:07 +02:00 |
Jeremy Gardais
|
6b6a3a1794
|
Use 'ip' family as default for the firewall table.
|
2017-08-09 11:18:49 +02:00 |
Jeremy Gardais
|
7a36fddf38
|
Allow localhost traffic.
|
2017-08-09 11:05:00 +02:00 |
Jeremy Gardais
|
9ba41af525
|
Allow DHCP communication by default.
|
2017-08-09 11:02:14 +02:00 |
Jeremy Gardais
|
e018e439bb
|
Set output default policy to drop and allow DNS request.
|
2017-08-09 10:34:29 +02:00 |
Jeremy Gardais
|
c711ec53eb
|
Move output rules to a specific file.
|
2017-08-08 15:35:05 +02:00 |
Jeremy Gardais
|
19acb4cb22
|
Allow SSH input by default.
|
2017-08-08 14:53:29 +02:00 |
Jeremy Gardais
|
84fd89f6e6
|
Block all input packets destined for the blackhole set by default.
|
2017-08-08 14:37:54 +02:00 |
Jeremy Gardais
|
043bc55dcb
|
Manage sets and maps definitions in a specific file.
|
2017-08-08 14:32:59 +02:00 |
Jeremy Gardais
|
983e77df5d
|
Rename nft_input_conf file.
|
2017-08-08 13:42:44 +02:00 |
Jeremy Gardais
|
f1d2f6582f
|
Add possibility to have nftables vars.
|
2017-08-08 12:11:58 +02:00 |
Jeremy Gardais
|
2611dce9d9
|
Manage input rule with dict.
|
2017-08-07 17:50:11 +02:00 |
Jeremy Gardais
|
5ff44ffcfa
|
Move input rules to a specific file.
|
2017-08-07 17:37:41 +02:00 |
Jeremy Gardais
|
98d2bf82db
|
Add dict to manage global config rules.
|
2017-08-07 17:07:35 +02:00 |
Jeremy Gardais
|
1c1013067d
|
Notify `nftables` service when configuration file is modified.
|
2017-08-07 14:14:14 +02:00 |
Jeremy Gardais
|
bc6f69fc59
|
Generate main configuration file.
|
2017-08-07 13:48:54 +02:00 |
Jeremy Gardais
|
df57dc8042
|
Install nftables.
|
2017-08-07 12:09:13 +02:00 |