 Jeremy Gardais
|
bcc3fc6f85
|
Manage a NAT table with pre and postrouting chains
|
2019-04-16 16:11:02 +02:00 |
|
Jeremy Gardais
|
095e03f1b2
|
Include Nat rules files in main configuration
|
2019-04-16 15:59:08 +02:00 |
|
Jeremy Gardais
|
63b3bb2c13
|
Generate Nat table rules files
|
2019-04-16 15:48:30 +02:00 |
|
Jeremy Gardais
|
b77d492da2
|
Order and clean comments in defaults/main.yml file
|
2019-04-16 15:21:48 +02:00 |
|
Jeremy Gardais
|
a5199dc0f2
|
Clean tasks name and comments in tasks/main.yml file
|
2019-04-16 14:10:11 +02:00 |
|
Jeremy Gardais
|
4047d64c76
|
Add a variable to manage custom content (table, include,…)
|
2019-04-16 11:50:30 +02:00 |
|
Jeremy Gardais
|
b0da91bb73
|
Improve vars description/comments in default/main
|
2019-04-15 15:29:48 +02:00 |
|
Jeremy Gardais
|
83675dfe48
|
Allow to disable "Protect" in systemd unit
|
2019-03-15 11:13:26 +01:00 |
|
Jeremy Gardais
|
7ace36ed6e
|
Fix E405 Remote package tasks should have a retry
|
2019-02-27 13:31:25 +01:00 |
|
Jeremy Gardais
|
2dcf0ab10e
|
Use to_nice_json to manage packages list
|
2019-02-27 13:28:27 +01:00 |
|
Jeremy Gardais
|
f47be2bebe
|
Add possibility to restart Fail2ban service
|
2018-08-07 11:03:29 +02:00 |
|
Jeremy Gardais
|
fb43eeeb47
|
Set empty dependencies line to fix Galaxy warning
|
2018-08-06 15:19:06 +02:00 |
|
Jeremy Gardais
|
bf9a8450b5
|
The role now might require Ansible 2.5
According to the version available in Debian Stable backports.
|
2018-08-06 15:11:32 +02:00 |
|
Jeremy Gardais
|
1c3d0284d5
|
Add a additionnal level for all vars for all hosts
It can be defined in group_vars/all .
|
2018-08-06 15:09:20 +02:00 |
|
Jeremy Gardais
|
733b546e56
|
Fix deprecation warning for state "installed"
|
2018-07-25 15:09:04 +02:00 |
|
Jeremy Gardais
|
485f7fa83d
|
Move two task in systemd handler (try to fix #1)
Try to fix the long delay at the first run.
|
2018-07-25 15:08:44 +02:00 |
|
Jeremy Gardais
|
bf9080fcb3
|
Set a variable to enable/disable Nftables
|
2018-05-16 14:38:33 +02:00 |
|
Jeremy Gardais
|
0a909641b5
|
Reload systemd daemons only if unit file change.
|
2018-02-06 17:28:41 +01:00 |
|
Jeremy Gardais
|
eb93ff65f9
|
Provide the systemd unit.
|
2018-02-06 17:17:48 +01:00 |
|
Jeremy Gardais
|
3e69865a56
|
Rename firewall table to filter table (most use on Debian).
|
2018-02-06 15:50:31 +01:00 |
|
Jeremy Gardais
|
ead7a337a0
|
Set's name can't exceed 15 characters !
|
2018-01-05 15:01:30 +01:00 |
|
Jeremy Gardais
|
38e1d0dabc
|
Allow icmpv6 outgoing traffic.
|
2017-08-25 17:05:42 +02:00 |
|
Jeremy Gardais
|
96080445da
|
Add a warning for the first run.
|
2017-08-23 15:02:27 +02:00 |
|
Jeremy Gardais
|
f2d586c176
|
Ensure to remove old packages (iptables,…).
|
2017-08-18 09:25:28 +02:00 |
|
Jeremy Gardais
|
e439f6ae5f
|
Ensure to create the the directory to store the differents configuration files (/etc/nftables.d).
|
2017-08-18 09:18:43 +02:00 |
|
Jeremy Gardais
|
c70b1bdc91
|
v1.1
|
2017-08-16 13:56:50 +02:00 |
|
Jeremy Gardais
|
93e4a2e939
|
Allow outgoing OpenPGP HTTP requests.
|
2017-08-11 13:46:50 +02:00 |
|
Jeremy Gardais
|
b831267b8e
|
Define new sets and vars for input connections.
|
2017-08-09 17:17:03 +02:00 |
|
Jeremy Gardais
|
4beb9019de
|
Remove DHCP incoming packets. The connection is started by the host, don't need incoming rule.
|
2017-08-09 16:08:52 +02:00 |
|
Jeremy Gardais
|
5dd7ea7a5d
|
Allow outgoing icmp.
|
2017-08-09 16:04:54 +02:00 |
|
Jeremy Gardais
|
74d068a92c
|
Rollback to inet family (for ipv4 and ipv6).
|
2017-08-09 15:01:35 +02:00 |
|
Jeremy Gardais
|
2aafa3c320
|
Define new sets and vars for output to avoid multiple redifinition of
the dicts.
|
2017-08-09 14:56:40 +02:00 |
|
Jeremy Gardais
|
f5f4b83a84
|
Manage nftables service at startup.
|
2017-08-09 14:27:07 +02:00 |
|
Jeremy Gardais
|
6b474cc119
|
Add CHANGELOG.md.
|
2017-08-09 11:41:09 +02:00 |
|
Jeremy Gardais
|
6b6a3a1794
|
Use 'ip' family as default for the firewall table.
|
2017-08-09 11:18:49 +02:00 |
|
Jeremy Gardais
|
7a36fddf38
|
Allow localhost traffic.
|
2017-08-09 11:05:00 +02:00 |
|
Jeremy Gardais
|
9ba41af525
|
Allow DHCP communication by default.
|
2017-08-09 11:02:14 +02:00 |
|
Jeremy Gardais
|
e018e439bb
|
Set output default policy to drop and allow DNS request.
|
2017-08-09 10:34:29 +02:00 |
|
Jeremy Gardais
|
c711ec53eb
|
Move output rules to a specific file.
|
2017-08-08 15:35:05 +02:00 |
|
Jeremy Gardais
|
19acb4cb22
|
Allow SSH input by default.
|
2017-08-08 14:53:29 +02:00 |
|
Jeremy Gardais
|
84fd89f6e6
|
Block all input packets destinate to blackhole set by default.
|
2017-08-08 14:37:54 +02:00 |
|
Jeremy Gardais
|
043bc55dcb
|
Manage sets and maps definitions in a specific file.
|
2017-08-08 14:32:59 +02:00 |
|
Jeremy Gardais
|
983e77df5d
|
Rename nft_input_conf file.
|
2017-08-08 13:42:44 +02:00 |
|
Jeremy Gardais
|
f1d2f6582f
|
Add possibility to have nftables vars.
|
2017-08-08 12:11:58 +02:00 |
|
Jeremy Gardais
|
4fdf3232c3
|
Add an example playbook.
|
2017-08-07 17:59:21 +02:00 |
|
Jeremy Gardais
|
2611dce9d9
|
Manage input rule with dict.
|
2017-08-07 17:50:11 +02:00 |
|
Jeremy Gardais
|
5ff44ffcfa
|
Move input rules to a specific file.
|
2017-08-07 17:37:41 +02:00 |
|
Jeremy Gardais
|
817e6d46fd
|
Thanks to Mike Gleason inspiration in his role !
|
2017-08-07 17:16:09 +02:00 |
|
Jeremy Gardais
|
98d2bf82db
|
Add dict to manage global config rules.
|
2017-08-07 17:07:35 +02:00 |
|
Jeremy Gardais
|
1c1013067d
|
Notify `nftables` service when configuration file is modified.
|
2017-08-07 14:14:14 +02:00 |