ansible/role_nftables
1
0
Fork 0
Code Pull Requests Releases Activity

fix: Include rules or tables file only if set

Browse Source
This commit is contained in:
pulsar89.5 2023-12-29 11:12:41 +01:00
parent efdd1560ff
commit 2ee5dc5ff2
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
templates/nftables.conf.j2
View File

@ -16,13 +16,17 @@ table inet filter {
# accept neighbour discovery otherwise IPv6 connectivity breaks. # accept neighbour discovery otherwise IPv6 connectivity breaks.
ip6 nexthdr icmpv6 icmpv6 type {nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert} accept ip6 nexthdr icmpv6 icmpv6 type {nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert} accept
{% if nftables_rules | length > 0 %}
# include specific rules # include specific rules
include "/srv/nftables/rules.conf" include "/srv/nftables/rules.conf"
{% endif %}
# count and drop any other traffic # count and drop any other traffic
counter drop counter drop
} }
} }
{% if nftables_tables | length > 0 %}
# include more tables # include more tables
include "/srv/nftables/tables.conf" include "/srv/nftables/tables.conf"
{% endif %}