111 Commits

Author SHA1 Message Date
Jeremy Gardais 88348aedab New v1.6.0 release 2020-04-21 09:57:55 +02:00
Jeremy Gardais 221de0cc89 Reload nftables service to apply new rules
Fix #3 Github
2020-04-21 09:53:57 +02:00
Jeremy Gardais 72551575df Fix the 10 minutes delay at first run (fix #1)! 2020-04-21 08:40:31 +02:00
Jeremy Gardais 74b864e2cb Block ipv6 multicast by default 2020-04-21 08:31:51 +02:00
Jeremy Gardais 8f36904af7 Add libiptc0 to the list of old packages to remove
libiptc0 is an iptables dependency.
2019-05-31 20:02:19 +02:00
Jeremy Gardais 5dee91df3e Turn nft_old_pkg_list into a list as expected 2019-05-31 15:28:45 +02:00
Jeremy Gardais dddc46282d Merge branch 'JulienVdG-ansible-2-7-deprecation-fix' 2019-05-09 13:53:27 +02:00
Julien Viard de Galbert 5394cedc2a Fix deprecation warning with ansible 2.7
[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via
squash_actions is deprecated. Instead of using a loop to supply multiple
items and specifying `name: "{{ item }}"`, please use
`name: ['{{ nft_old_pkg_list }}']` and remove the loop.
This feature will be removed in version 2.11.

Signed-off-by: Julien Viard de Galbert <julien@vdg.name>
2019-05-07 00:00:48 +02:00
Jeremy Gardais 7750b03e26 Include set definitions in nat table 2019-04-16 18:57:31 +02:00
Jeremy Gardais bcc3fc6f85 Manage a NAT table with pre and postrouting chains 2019-04-16 16:11:02 +02:00
Jeremy Gardais 095e03f1b2 Include Nat rules files in main configuration 2019-04-16 15:59:08 +02:00
Jeremy Gardais 63b3bb2c13 Generate Nat table rules files 2019-04-16 15:48:30 +02:00
Jeremy Gardais b77d492da2 Order and clean comments in defaults/main.yml file 2019-04-16 15:21:48 +02:00
Jeremy Gardais a5199dc0f2 Clean tasks name and comments in tasks/main.yml file 2019-04-16 14:10:11 +02:00
Jeremy Gardais 4047d64c76 Add a variable to manage custom content (table, include,…) 2019-04-16 11:50:30 +02:00
Jeremy Gardais b0da91bb73 Improve vars description/comments in default/main 2019-04-15 15:29:48 +02:00
Jeremy Gardais 83675dfe48 Allow to disable "Protect" in systemd unit 2019-03-15 11:13:26 +01:00
Jeremy Gardais 7ace36ed6e Fix E405 Remote package tasks should have a retry 2019-02-27 13:31:25 +01:00
Jeremy Gardais 2dcf0ab10e Use to_nice_json to manage packages list 2019-02-27 13:28:27 +01:00
Jeremy Gardais f47be2bebe Add possibility to restart Fail2ban service 2018-08-07 11:03:29 +02:00
Jeremy Gardais fb43eeeb47 Set empty dependencies line to fix Galaxy warning 2018-08-06 15:19:06 +02:00
Jeremy Gardais bf9a8450b5 The role now might require Ansible 2.5
According to the version available in Debian Stable backports.
2018-08-06 15:11:32 +02:00
Jeremy Gardais 1c3d0284d5 Add an additional level for all vars for all hosts
It can be defined in group_vars/all .
2018-08-06 15:09:20 +02:00
Jeremy Gardais 733b546e56 Fix deprecation warning for state "installed" 2018-07-25 15:09:04 +02:00
Jeremy Gardais 485f7fa83d Move two tasks in systemd handler (try to fix #1)
Try to fix the long delay at the first run.
2018-07-25 15:08:44 +02:00
Jeremy Gardais bf9080fcb3 Set a variable to enable/disable Nftables 2018-05-16 14:38:33 +02:00
Jeremy Gardais 0a909641b5 Reload systemd daemons only if unit file change. 2018-02-06 17:28:41 +01:00
Jeremy Gardais eb93ff65f9 Provide the systemd unit. 2018-02-06 17:17:48 +01:00
Jeremy Gardais 3e69865a56 Rename firewall table to filter table (most use on Debian). 2018-02-06 15:50:31 +01:00
Jeremy Gardais ead7a337a0 Set's name can't exceed 15 characters! 2018-01-05 15:01:30 +01:00
Jeremy Gardais 38e1d0dabc Allow icmpv6 outgoing traffic. 2017-08-25 17:05:42 +02:00
Jeremy Gardais 96080445da Add a warning for the first run. 2017-08-23 15:02:27 +02:00
Jeremy Gardais f2d586c176 Ensure to remove old packages (iptables,…). 2017-08-18 09:25:28 +02:00
Jeremy Gardais e439f6ae5f Ensure to create the directory to store the different configuration files (/etc/nftables.d). 2017-08-18 09:18:43 +02:00
Jeremy Gardais c70b1bdc91 v1.1 2017-08-16 13:56:50 +02:00
Jeremy Gardais 93e4a2e939 Allow outgoing OpenPGP HTTP requests. 2017-08-11 13:46:50 +02:00
Jeremy Gardais b831267b8e Define new sets and vars for input connections. 2017-08-09 17:17:03 +02:00
Jeremy Gardais 4beb9019de Remove DHCP incoming packets. The connection is started by the host, don't need incoming rule. 2017-08-09 16:08:52 +02:00
Jeremy Gardais 5dd7ea7a5d Allow outgoing icmp. 2017-08-09 16:04:54 +02:00
Jeremy Gardais 74d068a92c Rollback to inet family (for ipv4 and ipv6). 2017-08-09 15:01:35 +02:00
Jeremy Gardais 2aafa3c320 Define new sets and vars for output to avoid multiple redefinition of
the dicts.
2017-08-09 14:56:40 +02:00
Jeremy Gardais f5f4b83a84 Manage nftables service at startup. 2017-08-09 14:27:07 +02:00
Jeremy Gardais 6b474cc119 Add CHANGELOG.md. 2017-08-09 11:41:09 +02:00
Jeremy Gardais 6b6a3a1794 Use 'ip' family as default for the firewall table. 2017-08-09 11:18:49 +02:00
Jeremy Gardais 7a36fddf38 Allow localhost traffic. 2017-08-09 11:05:00 +02:00
Jeremy Gardais 9ba41af525 Allow DHCP communication by default. 2017-08-09 11:02:14 +02:00
Jeremy Gardais e018e439bb Set output default policy to drop and allow DNS request. 2017-08-09 10:34:29 +02:00
Jeremy Gardais c711ec53eb Move output rules to a specific file. 2017-08-08 15:35:05 +02:00
Jeremy Gardais 19acb4cb22 Allow SSH input by default. 2017-08-08 14:53:29 +02:00
Jeremy Gardais 84fd89f6e6 Block all input packets destined to blackhole set by default. 2017-08-08 14:37:54 +02:00