nft role + disable iptables when nft enabled

2024-07-24 21:32:13 +02:00 · 2024-07-24 21:32:13 +02:00 · 848917a72c
commit 848917a72c
parent a74dba4557
17 changed files with 348 additions and 57 deletions
--- a/group_vars/pad.yaml
+++ b/group_vars/pad.yaml
@ -5,3 +5,8 @@ etherpad_domain: pad.bitlair.nl
 nginx_sites:
  - server_name: "pad.bitlair.nl"
    localproxy: "9001"
+
+nft: true
+group_nft_input:
+  - "# Allow web-traffic from world"
+  - "tcp dport { http, https } accept"