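---
# tasks file for nftables
#
# Installs nftables (optionally removing the iptables packages), renders the
# main configuration plus the rule, variable and set/map fragments, and keeps
# the service started. Every rendered file notifies the
# "restart nftables service" handler, which is defined outside this file.

# Pick the most specific vars file available: distribution + version first,
# then distribution, then OS family.
- name: Load specific OS vars for nft
  include_vars: "{{ item }}"
  with_first_found:
    - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version }}.yml"
    - "{{ ansible_distribution|lower }}.yml"
    - "{{ ansible_os_family|lower }}.yml"

# package {{{
- name: INSTALL Manage nftables packages
  package:
    name: '{{ item }}'
    state: '{{ nft_pkg_state }}'
  with_items:
    - '{{ nft_pkg_list }}'
  when: nft_pkg_manage

# NOTE(review): this task uses the apt module, unlike the generic `package`
# module above, so it only works on apt-based hosts. Presumably
# nft_old_pkg_manage is false elsewhere; confirm against the OS vars files.
- name: INSTALL Remove iptables packages
  apt:
    name: '{{ item }}'
    state: '{{ nft_old_pkg_state }}'
  with_items:
    - '{{ nft_old_pkg_list }}'
  when: nft_old_pkg_manage
# }}}

# conf {{{
# File modes are quoted so they are always read as octal strings and never
# re-typed by the YAML parser.
#
# The directory is pinned to root:root like the files rendered into it; a
# firewall configuration directory owned by another account would let that
# account replace rule fragments.
- name: CONFIG create nftables.d dir
  file:
    path: "{{ nft_conf_dir_path }}"
    state: directory
    owner: root
    group: root
    mode: '0755'

# NOTE(review): the rendered files below are installed executable (0755),
# presumably because the templates start with an nft shebang; confirm. They
# are also world-readable, so the rule set is visible to every local user.
#
# NOTE(review): none of the template tasks sets `validate:`, so a broken
# ruleset is only noticed when the handler restarts the service. Consider a
# check of the assembled ruleset (for example `nft -c -f <main conf>`) before
# the restart; `backup: true` keeps the previous file for a manual rollback.
- name: CONFIG generate main conf file
  template:
    src: "{{ nft_main_conf_content }}"
    dest: "{{ nft_main_conf_path }}"
    owner: root
    group: root
    mode: '0755'
    backup: true
  notify: restart nftables service

- name: CONFIG generate input rules file
  template:
    src: "{{ nft_input_conf_content }}"
    dest: "{{ nft_input_conf_path }}"
    owner: root
    group: root
    mode: '0755'
    backup: true
  notify: restart nftables service

- name: CONFIG generate output rules file
  template:
    src: "{{ nft_output_conf_content }}"
    dest: "{{ nft_output_conf_path }}"
    owner: root
    group: root
    mode: '0755'
    backup: true
  notify: restart nftables service

- name: CONFIG generate vars definition file
  template:
    src: "{{ nft_define_conf_content }}"
    dest: "{{ nft_define_conf_path }}"
    owner: root
    group: root
    mode: '0755'
    backup: true
  notify: restart nftables service

- name: CONFIG generate sets and maps file
  template:
    src: "{{ nft_set_conf_content }}"
    dest: "{{ nft_set_conf_path }}"
    owner: root
    group: root
    mode: '0755'
    backup: true
  notify: restart nftables service
# }}}

# service {{{
# Keeps the service running; whether it is enabled at boot follows
# nft_service_enabled. Skipped entirely when nft_service_manage is false.
- name: SERVICE manage '{{ nft_service_name }}'
  service:
    name: '{{ nft_service_name }}'
    state: started
    enabled: '{{ nft_service_enabled }}'
  when: nft_service_manage
# }}}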