cellinfo
/
ansible.nftables
4
0
Fork 0
Code Issues Pull Requests Releases Activity
154 Commits 1 Branch 15 Tags 428 KiB
Commit Graph

29 Commits

Author SHA1 Message Date
Jeremy Gardais 1a5e044ebb
Move systemd "Protect" options to override file 
Rebase after Gentoo related commits
 2021-08-13 11:51:54 +02:00
Jeremy Gardais a34e5441a9
Start nftables systemd unit earlier 
Source: nftables 0.9.8-3.1 from Debian Bullseye
Thanks to @kravietz − PR #19
 2021-08-13 11:50:41 +02:00
Jeremy Gardais 5001448a81
Drop fail2ban restart from nftables unit 
Rebase after Gentoo related commits
 2021-08-13 11:50:31 +02:00
Jeremy Gardais 28cf15ee42
Manage Fail2ban in the "systemd way" 
Thanks to @FinweVI !

Rebase after Gentoo related commits
 2021-08-13 11:48:27 +02:00
Vladimir Timofeenko a442b8f637
Added ability to specify nft bin location 
Gentoo installs nft binary into /sbin/nft in accordance with the
filesystem spec:

https://devmanual.gentoo.org/general-concepts/filesystem/

This commit adds the ability to specify the location of nft binary
through variable nft__bin_location.

By default it is set to "/usr/sbin/nft".
 2021-08-11 08:50:37 -07:00
Philipp Rintz e0658c0661
Added the option to manage the forwarding firewall table. 2021-03-03 13:57:36 +01:00
Philipp Rintz 3be5c95180
Add nft_custom_includes option for optional includes in the main filter table. 2021-03-03 13:57:36 +01:00
Philipp Rintz 19ee0ed2bc Change variable names + add debug toggle. 2020-12-30 17:15:14 +01:00
Philipp Rintz 290a86e906 Support merged firewall rules for multiple groups per host. 
- Multiple groups for a single server will now lead to all firewall
    rules being merged instead of overwritten.
 2020-11-10 21:17:11 +01:00
Jeremy Gardais 6e1c48ee99 Use var to include defines.nft file − Fix #9 2020-06-02 09:22:17 +02:00
Jeremy Gardais 7750b03e26
Include set definitions in nat table 2019-04-16 18:57:31 +02:00
Jeremy Gardais 095e03f1b2
Include Nat rules files in main configuration 2019-04-16 15:59:08 +02:00
Jeremy Gardais 63b3bb2c13
Generate Nat table rules files 2019-04-16 15:48:30 +02:00
Jeremy Gardais 4047d64c76
Add a variable to manage custom content (table, include,…) 2019-04-16 11:50:30 +02:00
Jeremy Gardais 83675dfe48
Allow to disable "Protect" in systemd unit 2019-03-15 11:13:26 +01:00
Jeremy Gardais f47be2bebe
Add possibility to restart Fail2ban service 2018-08-07 11:03:29 +02:00
Jeremy Gardais 1c3d0284d5
Add a additionnal level for all vars for all hosts 
It can be defined in group_vars/all .
 2018-08-06 15:09:20 +02:00
Jeremy Gardais eb93ff65f9 Provide the systemd unit. 2018-02-06 17:17:48 +01:00
Jeremy Gardais 3e69865a56 Rename firewall table to filter table (most use on Debian). 2018-02-06 15:50:31 +01:00
Jeremy Gardais 74d068a92c Rollback to inet family (for ipv4 and ipv6). 2017-08-09 15:01:35 +02:00
Jeremy Gardais 6b6a3a1794 Use 'ip' family as default for the firewall table. 2017-08-09 11:18:49 +02:00
Jeremy Gardais c711ec53eb Move output rules to a specific file. 2017-08-08 15:35:05 +02:00
Jeremy Gardais 043bc55dcb Manage sets and maps definitions in a specific file. 2017-08-08 14:32:59 +02:00
Jeremy Gardais 983e77df5d Rename nft_input_conf file. 2017-08-08 13:42:44 +02:00
Jeremy Gardais f1d2f6582f Add possibility to have nftables vars. 2017-08-08 12:11:58 +02:00
Jeremy Gardais 2611dce9d9 Manage input rule with dict. 2017-08-07 17:50:11 +02:00
Jeremy Gardais 5ff44ffcfa Move input rules to a specific file. 2017-08-07 17:37:41 +02:00
Jeremy Gardais 98d2bf82db Add dict to manage global config rules. 2017-08-07 17:07:35 +02:00
Jeremy Gardais bc6f69fc59 Generate main configuration file. 2017-08-07 13:48:54 +02:00