# role_nftables

Installs, enables and manages nftables.

## Variables

### nftables_conf_template

Template deployed as nftables configuration.

*<span style="text-decoration: underline">Default value:</span> false*

### nftables_conf_path

Full path of the nftables configuration file.

*<span style="text-decoration: underline">Default value:</span> false*

### nftables_rules_*

List of dicts, each containing a `comment` and the list of associated `rules` to deploy.

*<span style="text-decoration: underline">Default value:</span> none*

## Usage

### inventory.yml

```yaml
---

all:
  hosts:
    host1.ykn.local:
    host2.ykn.local:
  children:
    dnsservers:
      hosts:
        host1.ykn.local:
        host2.ykn.local:
```

### group_vars/dnsservers.yml

```yaml
---

nftables_rules_dnsservers:
  - comment: Allow LAN to dns
    rules:
      - "ip saddr 192.168.93.0/24 meta l4proto {tcp, udp} th dport 53 accept"
      - "ip6 saddr abcd:ef9:8765:895::/64 meta l4proto {tcp, udp} th dport 53 accept"
      - "ip6 saddr fe80::/64 meta l4proto {tcp, udp} th dport 53 accept"
```

### host_vars/host1.ykn.local.yml

```yaml
---

nftables_rules_host:
  - comment: Allow ANY to https
    rules:
      - "tcp dport 443 accept"
```
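
Because rules can come from several `nftables_rules_*` variables across group and host files, it helps to review the merged result before deploying. The script below is an added example, not part of this role: it checks that every `nftables_rules_*` entry has a `comment` and a list of `rules`, and lists `accept` rules that match no source address or input interface so they can be confirmed as intentional. The `HOSTVARS` dict is a constructed sample based on the usage files above, and the "no source match" test is a heuristic assumed here, not a rule the role enforces.

```python
import re

# Constructed sample: variables from the usage files above, as they would be
# merged for host1.ykn.local (group_vars/dnsservers.yml plus host_vars).
HOSTVARS = {
    "nftables_conf_path": False,
    "nftables_rules_dnsservers": [
        {"comment": "Allow LAN to dns", "rules": [
            "ip saddr 192.168.93.0/24 meta l4proto {tcp, udp} th dport 53 accept",
            "ip6 saddr fe80::/64 meta l4proto {tcp, udp} th dport 53 accept",
        ]},
    ],
    "nftables_rules_host": [
        {"comment": "Allow ANY to https", "rules": ["tcp dport 443 accept"]},
    ],
}

# Heuristic (assumption): a rule is "restricted" if it matches a source
# address or an input interface.
SOURCE_MATCH = re.compile(r"\b(ip|ip6) saddr\b|\biifname\b|\biif\b")

def audit(hostvars):
    """Return (shape_errors, unrestricted_accepts) for nftables_rules_* vars."""
    errors, unrestricted = [], []
    for name in sorted(hostvars):
        if not name.startswith("nftables_rules_"):
            continue
        entries = hostvars[name]
        if not isinstance(entries, list):
            errors.append(f"{name}: expected a list of dicts")
            continue
        for i, entry in enumerate(entries):
            where = f"{name}[{i}]"
            if not isinstance(entry, dict) or not isinstance(entry.get("comment"), str):
                errors.append(f"{where}: missing 'comment' string")
                continue
            rules = entry.get("rules")
            if not isinstance(rules, list) or not all(isinstance(r, str) for r in rules):
                errors.append(f"{where}: 'rules' must be a list of strings")
                continue
            for rule in rules:
                # accept with no source/interface match is open to any sender
                if rule.split()[-1:] == ["accept"] and not SOURCE_MATCH.search(rule):
                    unrestricted.append((where, entry["comment"], rule))
    return errors, unrestricted

if __name__ == "__main__":
    errs, open_rules = audit(HOSTVARS)
    print("\n".join(f"ERROR {e}" for e in errs))
    print("\n".join(f"REVIEW {w} ({c}): {r}" for w, c, r in open_rules))
```

On the sample data only the `Allow ANY to https` rule is listed for review, which matches its stated intent.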