Jeremy Gardais 
							
						 
						
							 
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								1a5e044ebb 
								
							 
						 
						
							
							
								
								Move systemd "Protect" options to override file  
							
							 
							
							
							
							
							Rebase after Gentoo related commits 
							
						 
						
							2021-08-13 11:51:54 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								ac61739f91 
								
							 
						 
						
							
							
								
								Automatically add overrides for fail2ban unit  
							
							 
							
							
							
						 
						
							2021-08-13 11:50:40 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								28cf15ee42 
								
							 
						 
						
							
							
								
								Manage Fail2ban in the "systemd way"  
							
							 
							
							
							
							
							Thanks to @FinweVI!
Rebase after Gentoo related commits 
							
						 
						
							2021-08-13 11:48:27 +02:00  
						
					 
				
					
						
							
							
								 
								Vladimir Timofeenko
							
						 
						
							 
							
							
								
								
							
							
							
								
							
							
								a442b8f637 
								
							 
						 
						
							
							
								
								Added ability to specify nft bin location  
							
							 
							
							
							
							
							Gentoo installs nft binary into /sbin/nft in accordance with the
filesystem spec:
https://devmanual.gentoo.org/general-concepts/filesystem/ 
This commit adds the ability to specify the location of nft binary
through variable nft__bin_location.
By default it is set to "/usr/sbin/nft". 
							
						 
						
							2021-08-11 08:50:37 -07:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								7639f2bbbf 
								
							 
						 
						
							
							
								
								Merge branch 'backup_toggle' of https://github.com/p-rintz/nftables into p-rintz-backup_toggle
							
							 
							
							
							
						 
						
							2021-03-12 09:54:06 +01:00  
						
					 
				
					
						
							
							
								 
								Philipp Rintz
							
						 
						
							 
							
							
								
								
							
							
							
								
							
							
								ab5c105419 
								
							 
						 
						
							
							
								
								Make config backup configurable by using nft_backup_conf variable.  
							
							 
							
							
							
						 
						
							2021-03-12 09:28:45 +01:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								60b7d49555 
								
							 
						 
						
							
							
								
								Merge branch 'feature_forwarding' of https://github.com/p-rintz/nftables into p-rintz-feature_forwarding
							
							 
							
							
							
						 
						
							2021-03-09 18:02:31 +01:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								9eff3cd1d0 
								
							 
						 
						
							
							
								
								Remove everything related to in_udp_accept  
							
							 
							
							
							
							
							See conversation in PR #13 (summary: cause it was empty by
default and the role currently doesn't manage it well)
							
						 
						
							2021-03-04 10:36:17 +01:00  
						
					 
				
					
						
							
							
								 
								Philipp Rintz
							
						 
						
							 
							
							
								
								
							
							
							
								
							
							
								e0658c0661 
								
							 
						 
						
							
							
								
								Added the option to manage the forwarding firewall table.  
							
							 
							
							
							
						 
						
							2021-03-03 13:57:36 +01:00  
						
					 
				
					
						
							
							
								 
								Philipp Rintz
							
						 
						
							 
							
							
								
								
							
							
							
								
							
							
								3be5c95180 
								
							 
						 
						
							
							
								
								Add nft_custom_includes option for optional includes in the main filter table.  
							
							 
							
							
							
						 
						
							2021-03-03 13:57:36 +01:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								e9a83261fa 
								
							 
						 
						
							
							
								
								Release v1.7.0  
							
							 
							
							
							
						 
						
							2021-01-04 16:53:16 +01:00  
						
					 
				
					
						
							
							
								 
								Philipp Rintz
							
						 
						
							 
							
							
							
							
								
							
							
								639a9f7109 
								
							 
						 
						
							
							
								
								Fix formatting mistake in defaults/main.yml  
							
							 
							
							
							
						 
						
							2020-12-30 17:23:18 +01:00  
						
					 
				
					
						
							
							
								 
								Philipp Rintz
							
						 
						
							 
							
							
							
							
								
							
							
								19ee0ed2bc 
								
							 
						 
						
							
							
								
								Change variable names + add debug toggle.  
							
							 
							
							
							
						 
						
							2020-12-30 17:15:14 +01:00  
						
					 
				
					
						
							
							
								 
								Philipp Rintz
							
						 
						
							 
							
							
							
							
								
							
							
								290a86e906 
								
							 
						 
						
							
							
								
								Support merged firewall rules for multiple groups per host.  
							
							 
							
							
							
							
							- Multiple groups for a single server will now lead to all firewall
    rules being merged instead of overwritten. 
							
						 
						
							2020-11-10 21:17:11 +01:00  
						
					 
				
					
						
							
							
								 
								Leonardo
							
						 
						
							 
							
							
								
								
							
							
							
								
							
							
								15c0bf1625 
								
							 
						 
						
							
							
								
								Allow icmp(v6)  
							
							 
							
							
							
							
							Allow pings and icmp traffic for both ipv4 and ipv6 
							
						 
						
							2020-05-24 09:51:27 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
							
							
								
							
							
								72551575df 
								
							 
						 
						
							
							
								
								Fix the 10 minutes delay at first run (fix #1)!
							
							 
							
							
							
						 
						
							2020-04-21 08:40:31 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
							
							
								
							
							
								74b864e2cb 
								
							 
						 
						
							
							
								
								Block ipv6 multicast by default  
							
							 
							
							
							
						 
						
							2020-04-21 08:31:51 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								8f36904af7 
								
							 
						 
						
							
							
								
								Add libiptc0 to the list of old packages to remove
							
							 
							
							
							
							
							libiptc0 is an iptables dependency. 
							
						 
						
							2019-05-31 20:02:19 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								5dee91df3e 
								
							 
						 
						
							
							
								
								Turn nft_old_pkg_list into a list as expected  
							
							 
							
							
							
						 
						
							2019-05-31 15:28:45 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								63b3bb2c13 
								
							 
						 
						
							
							
								
								Generate Nat table rules files  
							
							 
							
							
							
						 
						
							2019-04-16 15:48:30 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								b77d492da2 
								
							 
						 
						
							
							
								
								Order and clean comments in defaults/main.yml file  
							
							 
							
							
							
						 
						
							2019-04-16 15:21:48 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								4047d64c76 
								
							 
						 
						
							
							
								
								Add a variable to manage custom content (table, include,…)  
							
							 
							
							
							
						 
						
							2019-04-16 11:50:30 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								b0da91bb73 
								
							 
						 
						
							
							
								
								Improve vars description/comments in default/main  
							
							 
							
							
							
						 
						
							2019-04-15 15:29:48 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								83675dfe48 
								
							 
						 
						
							
							
								
								Allow to disable "Protect" in systemd unit  
							
							 
							
							
							
						 
						
							2019-03-15 11:13:26 +01:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								f47be2bebe 
								
							 
						 
						
							
							
								
								Add possibility to restart Fail2ban service  
							
							 
							
							
							
						 
						
							2018-08-07 11:03:29 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								1c3d0284d5 
								
							 
						 
						
							
							
								
								Add an additional level for all vars for all hosts
							
							 
							
							
							
							
							It can be defined in group_vars/all . 
							
						 
						
							2018-08-06 15:09:20 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								733b546e56 
								
							 
						 
						
							
							
								
								Fix deprecation warning for state "installed"  
							
							 
							
							
							
						 
						
							2018-07-25 15:09:04 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								bf9080fcb3 
								
							 
						 
						
							
							
								
								Set a variable to enable/disable Nftables  
							
							 
							
							
							
						 
						
							2018-05-16 14:38:33 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
							
							
								
							
							
								eb93ff65f9 
								
							 
						 
						
							
							
								
								Provide the systemd unit.  
							
							 
							
							
							
						 
						
							2018-02-06 17:17:48 +01:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
							
							
								
							
							
								ead7a337a0 
								
							 
						 
						
							
							
								
								Set's name can't exceed 15 characters!
							
							 
							
							
							
						 
						
							2018-01-05 15:01:30 +01:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
							
							
								
							
							
								38e1d0dabc 
								
							 
						 
						
							
							
								
								Allow icmpv6 outgoing traffic.  
							
							 
							
							
							
						 
						
							2017-08-25 17:05:42 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
							
							
								
							
							
								f2d586c176 
								
							 
						 
						
							
							
								
								Ensure to remove old packages (iptables,…).  
							
							 
							
							
							
						 
						
							2017-08-18 09:25:28 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
							
							
								
							
							
								e439f6ae5f 
								
							 
						 
						
							
							
								
								Ensure to create the directory to store the different configuration files (/etc/nftables.d).
							
							 
							
							
							
						 
						
							2017-08-18 09:18:43 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
							
							
								
							
							
								93e4a2e939 
								
							 
						 
						
							
							
								
								Allow outgoing OpenPGP HTTP requests.  
							
							 
							
							
							
						 
						
							2017-08-11 13:46:50 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
							
							
								
							
							
								b831267b8e 
								
							 
						 
						
							
							
								
								Define new sets and vars for input connections.  
							
							 
							
							
							
						 
						
							2017-08-09 17:17:03 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
							
							
								
							
							
								4beb9019de 
								
							 
						 
						
							
							
								
								Remove DHCP incoming packets. The connection is started by the host, don't need incoming rule.  
							
							 
							
							
							
						 
						
							2017-08-09 16:08:52 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
							
							
								
							
							
								5dd7ea7a5d 
								
							 
						 
						
							
							
								
								Allow outgoing icmp.  
							
							 
							
							
							
						 
						
							2017-08-09 16:04:54 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
							
							
								
							
							
								2aafa3c320 
								
							 
						 
						
							
							
								
								Define new sets and vars for output to avoid multiple redefinition of the dicts.
							
						 
						
							2017-08-09 14:56:40 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
							
							
								
							
							
								f5f4b83a84 
								
							 
						 
						
							
							
								
								Manage nftables service at startup.  
							
							 
							
							
							
						 
						
							2017-08-09 14:27:07 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
							
							
								
							
							
								6b6a3a1794 
								
							 
						 
						
							
							
								
								Use 'ip' family as default for the firewall table.  
							
							 
							
							
							
						 
						
							2017-08-09 11:18:49 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
							
							
								
							
							
								7a36fddf38 
								
							 
						 
						
							
							
								
								Allow localhost traffic.  
							
							 
							
							
							
						 
						
							2017-08-09 11:05:00 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
							
							
								
							
							
								9ba41af525 
								
							 
						 
						
							
							
								
								Allow DHCP communication by default.  
							
							 
							
							
							
						 
						
							2017-08-09 11:02:14 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
							
							
								
							
							
								e018e439bb 
								
							 
						 
						
							
							
								
								Set output default policy to drop and allow DNS request.  
							
							 
							
							
							
						 
						
							2017-08-09 10:34:29 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
							
							
								
							
							
								c711ec53eb 
								
							 
						 
						
							
							
								
								Move output rules to a specific file.  
							
							 
							
							
							
						 
						
							2017-08-08 15:35:05 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
							
							
								
							
							
								19acb4cb22 
								
							 
						 
						
							
							
								
								Allow SSH input by default.  
							
							 
							
							
							
						 
						
							2017-08-08 14:53:29 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
							
							
								
							
							
								84fd89f6e6 
								
							 
						 
						
							
							
								
								Block all input packets destined to blackhole set by default.
							
							 
							
							
							
						 
						
							2017-08-08 14:37:54 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
							
							
								
							
							
								043bc55dcb 
								
							 
						 
						
							
							
								
								Manage sets and maps definitions in a specific file.  
							
							 
							
							
							
						 
						
							2017-08-08 14:32:59 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
							
							
								
							
							
								983e77df5d 
								
							 
						 
						
							
							
								
								Rename nft_input_conf file.  
							
							 
							
							
							
						 
						
							2017-08-08 13:42:44 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
							
							
								
							
							
								f1d2f6582f 
								
							 
						 
						
							
							
								
								Add possibility to have nftables vars.  
							
							 
							
							
							
						 
						
							2017-08-08 12:11:58 +02:00  
						
					 
				
					
						
							
							
								
									
								
								Jeremy Gardais 
							
						 
						
							 
							
							
							
							
								
							
							
								2611dce9d9 
								
							 
						 
						
							
							
								
								Manage input rule with dict.  
							
							 
							
							
							
						 
						
							2017-08-07 17:50:11 +02:00