role_nftables
Installs, enables and manages nftables.
Variables
nftables_conf_template
Template deployed as nftables configuration.
Default value: false
nftables_conf_path
Full path of the nftables configuration file.
Default value: false
nftables_rules_*
List of dicts, each containing a comment and the associated rules to deploy.
Default value: none
Usage
inventory.yml
---
all:
  hosts:
    host1.ykn.local:
    host2.ykn.local:
  children:
    dnsservers:
      hosts:
        host1.ykn.local:
        host2.ykn.local:
group_vars/dnsservers.yml
---
nftables_rules_dnsservers:
  - comment: Allow LAN to dns
    rules:
      - "ip saddr 192.168.93.0/24 meta l4proto {tcp, udp} th dport 53 accept"
      - "ip6 saddr abcd:ef9:8765:895::/64 meta l4proto {tcp, udp} th dport 53 accept"
      - "ip6 saddr fe80::/64 meta l4proto {tcp, udp} th dport 53 accept"
host_vars/host1.ykn.local.yml
---
nftables_rules_host:
  - comment: Allow ANY to https
    rules:
      - "tcp dport 443 accept"
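A pre-deployment check for the nftables_rules_* structure shown above, as an added example that is not part of this role: it verifies that each entry has a comment and a rules list, and flags for review any accept rule with no source restriction. The names audit_rules and HOSTVARS and the source-match heuristic are assumptions made for this example.

```python
import re

# Constructed sample: variables from the usage files above, as Ansible would merge them for host1.
HOSTVARS = {
    "nftables_rules_dnsservers": [{
        "comment": "Allow LAN to dns",
        "rules": [
            "ip saddr 192.168.93.0/24 meta l4proto {tcp, udp} th dport 53 accept",
            "ip6 saddr fe80::/64 meta l4proto {tcp, udp} th dport 53 accept",
        ],
    }],
    "nftables_rules_host": [{"comment": "Allow ANY to https", "rules": ["tcp dport 443 accept"]}],
}

# Assumption: a rule counts as source-restricted if it matches a source address or input interface.
SOURCE_MATCH = re.compile(r"\b(ip6?\s+saddr|iifname|iif)\b")


def audit_rules(hostvars):
    """Return (variable, comment, rule, finding) tuples for entries that need review."""
    findings = []
    for var, entries in sorted(hostvars.items()):
        if not var.startswith("nftables_rules_"):
            continue
        if not isinstance(entries, list):
            findings.append((var, None, None, "value is not a list"))
            continue
        for entry in entries:
            if not isinstance(entry, dict):
                findings.append((var, None, None, "entry is not a dict"))
                continue
            comment, rules = entry.get("comment"), entry.get("rules")
            if not comment:
                findings.append((var, comment, None, "missing comment"))
            if not isinstance(rules, list) or not rules:
                findings.append((var, comment, None, "missing or empty rules list"))
                continue
            for rule in rules:
                if not isinstance(rule, str) or not rule.strip():
                    findings.append((var, comment, rule, "rule is not a non-empty string"))
                elif rule.split()[-1] == "accept" and not SOURCE_MATCH.search(rule):
                    findings.append((var, comment, rule, "accepts from any source"))
    return findings


if __name__ == "__main__":
    for finding in audit_rules(HOSTVARS):
        print(finding)
```

On the sample, the only finding is the "Allow ANY to https" rule, which is intentional here; the check surfaces such rules so that each one is a reviewed decision.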