ansible.nftables/defaults/main.yml

32 lines
726 B
YAML

---
# defaults file for nftables
# packages
nft_pkg_manage: true
nft_pkg_state: 'installed'
# conf
nft_main_conf_path: '/etc/nftables.conf'
nft_main_conf_content: 'etc/nftables.conf.j2'
nft_input_conf_path: '/etc/nftables.d/inet-filter.nft'
nft_input_conf_content: 'etc/nftables.d/inet-filter.nft.j2'
# rules
nft_global_default_rules:
000 state management:
- ct state established,related accept
- ct state invalid drop
nft_global_group_rules: {}
nft_global_host_rules: {}
nft_input_default_rules:
000 policy:
- type filter hook input priority 0; policy drop;
001 global:
- jump global
nft_input_group_rules: {}
nft_input_host_rules: {}
# service
nft_service_manage: true
nft_service_name: 'nftables'