feat: Create role

templates/nftables.conf.j2

@@ -0,0 +1,31 @@
+#!/usr/sbin/nft -f
+# {{ ansible_managed }}
+
+flush ruleset
+
+table inet filter {
+  chain input {
+    type filter hook input priority 0;
+
+    # Accept any localhost traffic
+    iif lo accept
+
+    # Accept traffic originated from us
+    ct state established,related accept
+
+    # Accept neighbour discovery otherwise IPv6 connectivity breaks.
+    ip6 nexthdr icmpv6 icmpv6 type {nd-neighbor-solicit,  nd-router-advert, nd-neighbor-advert} accept
+
+    # Specific rules
+{% for infos in (nftables_rules | unique) %}
+    ## {{ infos.comment }}
+    {{ infos.rules | join('\n') | indent(width=4, first=false) }}
+{% if not loop.last %}
+
+{% endif %}
+{% endfor %}
+
+    # Count and drop any other traffic
+    counter drop
+  }
+}