CHANGELOG.md

@@ -5,8 +5,6 @@
 * New rules (disable by default) can be define in *forward* chain (thanks to
   @p-rintz − PR #14).
 * Possibility to toggle file's backup (thanks to @p-rintz − PR #15).
-* Gentoo-specific variables
-* Ability to specify nft binary path through **nft__bin_location**
 
 ### Removed
 * Remove everything related to **in_udp_accept** (see conversation in PR #13).

README.md

@@ -89,7 +89,6 @@ complexify his philosophy… (I'm pretty sure, i now did complexify it :D) ^^
 Please see default value by Operating System file in [vars][vars directory] directory.
 
 * **nft_pkg_list** : The list of package(s) to provide `nftables`.
-* **nft__bin_location** : Path to `nftables` executable. [default : `/usr/sbin/nft`]
 
 ### Rules Dictionaries
 

defaults/main.yml

@@ -599,13 +599,3 @@ nft_backup_conf: True
                                                                    # ]]]
                                                                    # ]]]
                                                                    # ]]]
-# OS specific variables defaults [[[
-# ----------------------------------
-
-# .. envvar:: nft__bin_location [[[
-#
-# Specify Nftables executable location.
-#
-nft__bin_location: '/usr/sbin/nft'
-                                                                   # ]]]
-                                                                   # ]]]

templates/etc/nftables.conf.j2

@@ -1,5 +1,5 @@
 #jinja2: lstrip_blocks: "True", trim_blocks: "True"
-#!{{ nft__bin_location }} -f
+#!/usr/sbin/nft -f
 # {{ ansible_managed }}
 {% set globalmerged = nft_global_default_rules.copy() %}
 {% set _ = globalmerged.update(nft_global_rules) %}

templates/lib/systemd/system/nftables.service.j2

@@ -13,13 +13,13 @@ ProtectSystem=full
 ProtectHome=true
 {% endif %}
 {% if nft__fail2ban_service %}
-ExecStart={{ nft__bin_location }} -f {{ nft_main_conf_path }} ; /bin/systemctl restart fail2ban.service
-ExecReload={{ nft__bin_location }} -f {{ nft_main_conf_path }} ; /bin/systemctl restart fail2ban.service
-ExecStop=/bin/systemctl stop fail2ban.service ; {{ nft__bin_location }} flush ruleset
+ExecStart=/usr/sbin/nft -f {{ nft_main_conf_path }} ; /bin/systemctl restart fail2ban.service
+ExecReload=/usr/sbin/nft -f {{ nft_main_conf_path }} ; /bin/systemctl restart fail2ban.service
+ExecStop=/bin/systemctl stop fail2ban.service ; /usr/sbin/nft flush ruleset
 {% else %}
-ExecStart={{ nft__bin_location }} -f {{ nft_main_conf_path }}
-ExecReload={{ nft__bin_location }} -f {{ nft_main_conf_path }}
-ExecStop={{ nft__bin_location }} flush ruleset
+ExecStart=/usr/sbin/nft -f {{ nft_main_conf_path }}
+ExecReload=/usr/sbin/nft -f {{ nft_main_conf_path }}
+ExecStop=/usr/sbin/nft flush ruleset
 {% endif %}
 
 [Install]

vars/gentoo.yml

@@ -1,5 +0,0 @@
----
-# vars file for Gentoo
-nft_pkg_list:
-  - net-firewall/nftables
-nft__bin_location: "/sbin/nft"