Commit Graph

50 Commits

Author SHA1 Message Date
Jeremy Gardais ac61739f91
Automatically add overrides for fail2ban unit 2021-08-13 11:50:40 +02:00
Vladimir Timofeenko a442b8f637
Added ability to specify nft bin location
Gentoo installs the nft binary into /sbin/nft in accordance with the
filesystem spec:

https://devmanual.gentoo.org/general-concepts/filesystem/

This commit adds the ability to specify the location of the nft binary
through the variable nft__bin_location.

By default it is set to "/usr/sbin/nft".
2021-08-11 08:50:37 -07:00
Jeremy Gardais 60b7d49555
Merge branch 'feature_forwarding' of https://github.com/p-rintz/nftables into p-rintz-feature_forwarding 2021-03-09 18:02:31 +01:00
Jeremy Gardais db3fbdc9b4
New examples usecases (mostly for playbooks) 2021-03-09 17:55:55 +01:00
Jeremy Gardais 9eff3cd1d0
Remove everything related to in_udp_accept
See conversation in PR #13 (summary: because it was empty by
default and the role currently doesn't manage it well)
2021-03-04 10:36:17 +01:00
Philipp Rintz 51d768539f
Add forward chain variables to README.md 2021-03-03 13:57:36 +01:00
Philipp Rintz 19ee0ed2bc Change variable names + add debug toggle. 2020-12-30 17:15:14 +01:00
Philipp Rintz 3d5edb45b9 Add additional variables to README 2020-11-29 15:36:26 +01:00
Philipp Rintz 65d7414785 Added merged_groups info to README. 2020-11-29 15:29:22 +01:00
Leonardo f6c6df3dc6 added missing icmpv6 output rule 2020-06-02 09:11:51 +02:00
Leonardo 1f91776374 Another playbook example
It was hard for me to learn how to use the role and override the default rules. Therefore I want to contribute another example.
2020-06-02 09:01:54 +02:00
Jeremy Gardais 221de0cc89 Reload nftables service to apply new rules
Fix #3 (GitHub)
2020-04-21 09:53:57 +02:00
Jeremy Gardais 72551575df Fix the 10-minute delay at first run (fix #1)! 2020-04-21 08:40:31 +02:00
Jeremy Gardais bcc3fc6f85
Manage a NAT table with pre and postrouting chains 2019-04-16 16:11:02 +02:00
Jeremy Gardais 4047d64c76
Add a variable to manage custom content (table, include,…) 2019-04-16 11:50:30 +02:00
Jeremy Gardais 83675dfe48
Allow to disable "Protect" in systemd unit 2019-03-15 11:13:26 +01:00
Jeremy Gardais f47be2bebe
Add the possibility to restart the Fail2ban service 2018-08-07 11:03:29 +02:00
Jeremy Gardais 1c3d0284d5
Add an additional level for all vars for all hosts
It can be defined in group_vars/all.
2018-08-06 15:09:20 +02:00
Jeremy Gardais 733b546e56
Fix deprecation warning for state "installed" 2018-07-25 15:09:04 +02:00
Jeremy Gardais bf9080fcb3
Set a variable to enable/disable Nftables 2018-05-16 14:38:33 +02:00
Jeremy Gardais 3e69865a56 Rename firewall table to filter table (most used on Debian). 2018-02-06 15:50:31 +01:00
Jeremy Gardais ead7a337a0 Set names can't exceed 15 characters! 2018-01-05 15:01:30 +01:00
Jeremy Gardais 96080445da Add a warning for the first run. 2017-08-23 15:02:27 +02:00
Jeremy Gardais f2d586c176 Ensure old packages (iptables, …) are removed. 2017-08-18 09:25:28 +02:00
Jeremy Gardais e439f6ae5f Ensure the directory to store the different configuration files (/etc/nftables.d) is created. 2017-08-18 09:18:43 +02:00
Jeremy Gardais 93e4a2e939 Allow outgoing OpenPGP HTTP requests. 2017-08-11 13:46:50 +02:00
Jeremy Gardais b831267b8e Define new sets and vars for input connections. 2017-08-09 17:17:03 +02:00
Jeremy Gardais 4beb9019de Remove DHCP incoming packets. The connection is started by the host, so no incoming rule is needed. 2017-08-09 16:08:52 +02:00
Jeremy Gardais 5dd7ea7a5d Allow outgoing icmp. 2017-08-09 16:04:54 +02:00
Jeremy Gardais 74d068a92c Rollback to inet family (for ipv4 and ipv6). 2017-08-09 15:01:35 +02:00
Jeremy Gardais 2aafa3c320 Define new sets and vars for output to avoid multiple redefinitions of
the dicts.
2017-08-09 14:56:40 +02:00
Jeremy Gardais f5f4b83a84 Manage nftables service at startup. 2017-08-09 14:27:07 +02:00
Jeremy Gardais 6b6a3a1794 Use 'ip' family as default for the firewall table. 2017-08-09 11:18:49 +02:00
Jeremy Gardais 7a36fddf38 Allow localhost traffic. 2017-08-09 11:05:00 +02:00
Jeremy Gardais 9ba41af525 Allow DHCP communication by default. 2017-08-09 11:02:14 +02:00
Jeremy Gardais e018e439bb Set output default policy to drop and allow DNS request. 2017-08-09 10:34:29 +02:00
Jeremy Gardais c711ec53eb Move output rules to a specific file. 2017-08-08 15:35:05 +02:00
Jeremy Gardais 19acb4cb22 Allow SSH input by default. 2017-08-08 14:53:29 +02:00
Jeremy Gardais 84fd89f6e6 Block all input packets destined to the blackhole set by default. 2017-08-08 14:37:54 +02:00
Jeremy Gardais 043bc55dcb Manage sets and maps definitions in a specific file. 2017-08-08 14:32:59 +02:00
Jeremy Gardais 983e77df5d Rename nft_input_conf file. 2017-08-08 13:42:44 +02:00
Jeremy Gardais f1d2f6582f Add the possibility to have nftables vars. 2017-08-08 12:11:58 +02:00
Jeremy Gardais 4fdf3232c3 Add an example playbook. 2017-08-07 17:59:21 +02:00
Jeremy Gardais 2611dce9d9 Manage input rules with a dict. 2017-08-07 17:50:11 +02:00
Jeremy Gardais 5ff44ffcfa Move input rules to a specific file. 2017-08-07 17:37:41 +02:00
Jeremy Gardais 817e6d46fd Thanks to Mike Gleason for the inspiration from his role! 2017-08-07 17:16:09 +02:00
Jeremy Gardais 98d2bf82db Add dict to manage global config rules. 2017-08-07 17:07:35 +02:00
Jeremy Gardais 1c1013067d Notify `nftables` service when configuration file is modified. 2017-08-07 14:14:14 +02:00
Jeremy Gardais bc6f69fc59 Generate main configuration file. 2017-08-07 13:48:54 +02:00
Jeremy Gardais df57dc8042 Install nftables. 2017-08-07 12:09:13 +02:00