#!/usr/sbin/nft -f
# {{ ansible_managed }}
{# NOTE(review): only the first line of ansible_managed is commented out above.
   If that string is ever customised to span several lines, render it through
   the `comment` filter so the remaining lines do not reach nft as statements. #}
{# Merge the three rule dictionaries. update() replaces entries that share a
   key, so group values override the defaults and host values override both.
   copy() keeps the merge from modifying nft_global_default_rules itself. #}
{% set globalmerged = nft_global_default_rules.copy() %}
{% set _ = globalmerged.update(nft_global_group_rules) %}
{% set _ = globalmerged.update(nft_global_host_rules) %}

# clean
# "flush ruleset" drops every table of every family, not only "inet firewall",
# so rules loaded by other tools are removed as well. nft -f applies this file
# as a single transaction: the flush and the rules below take effect together.
flush ruleset

# Presumably variable definitions (judging by the name); the file itself is
# not part of this template.
include "/etc/nftables.d/defines.nft"

table inet firewall {
	# Regular chain (no hook): it only sees packets handed to it by a jump,
	# such as the one in "output" below.
	chain global {
{# Groups are emitted sorted by key (dictsort). Rule order matters to nft, so
   the key names decide evaluation order. Each rule string is written as-is,
   without validation: treat the three source variables as trusted input and
   consider checking the rendered file with "nft -c -f" before it is loaded. #}
{% for group, rules in globalmerged|dictsort %}
		# {{ group }}
{% if not rules %}
		# (none)
{% endif %}
{% for rule in rules %}
		{{ rule }}
{% endfor %}
{% endfor %}
	}

	# Included at table scope, so the file must hold table-level statements.
	# NOTE(review): presumably this defines the input chain - confirm.
	include "{{ nft_input_conf_path }}"

	# Base chain for locally generated traffic. No policy is declared, so nft's
	# default (accept) applies: packets that get no verdict in "global" leave.
	chain output {
		type filter hook output priority 0;
		jump global
	}
}