ansible/role_nftables
2
Fork 0
Code Pull Requests 1 Actions Releases Activity

feat: Create role

Browse Source
This commit is contained in:
pulsar89.5
2025-04-01 16:49:12 +02:00
parent 69eeff1e45
commit 0fb68716a0
9 changed files with 156 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
README.md
View File

@@ -1,3 +1,65 @@
# role_modele
# role_nftables
Modèle
Allow to install, enable and manage nftables.
## Variables
### nftables_conf_template
Template deployed as nftables configuration.
*<span style="text-decoration: underline">Default value:</span> false*
### nftables_conf_path
Configuration fullpath of nftables.
*<span style="text-decoration: underline">Default value:</span> false*
### nftables_rules_*
List of dicts containing rules to deploy with comment and associated rules.
*<span style="text-decoration: underline">Default value:</span> none*
## Usages
### inventory.yml
```yaml
---
all:
hosts:
host1.ykn.local:
host2.ykn.local:
children:
dnsservers:
hosts:
host1.ykn.local:
host2.ykn.local:
```
### group_vars/dnsservers.yml
```yaml
---
nftables_rules_dnsservers:
- comment: Allow LAN to dns
rules:
- "ip saddr 192.168.93.0/24 meta l4proto {tcp, udp} th dport 53 accept"
- "ip6 saddr abcd:ef9:8765:895::/64 meta l4proto {tcp, udp} th dport 53 accept"
- "ip6 saddr fe80::/64 meta l4proto {tcp, udp} th dport 53 accept"
```
### host_vars/host1.ykn.local.yml
```yaml
---
nftables_rules_host:
- comment: Allow ANY to https
rules:
- "tcp dport 443 accept"
```