forked from bitlair/ansible
33 lines
710 B
YAML
33 lines
710 B
YAML
---
|
|
|
|
nft: true # Overrule om geen nftables uit te rollen
|
|
nft_main_config: "/etc/nftables.conf"
|
|
|
|
# Default policies per chain ( drop / reject / accept )
|
|
nft_policy_input: "drop"
|
|
nft_policy_forward: "accept"
|
|
nft_policy_output: "accept"
|
|
# Same for nat traffic
|
|
nft_policy_prerouting: "accept"
|
|
nft_policy_postrouting: "accept"
|
|
|
|
# Host/Port allows
|
|
nft_group_rules: []
|
|
|
|
# And per host/group additions to rules:
|
|
group_nft_input: []
|
|
group_nft_forward: []
|
|
group_nft_output: []
|
|
|
|
host_nft_input: []
|
|
host_nft_forward: []
|
|
host_nft_output: []
|
|
|
|
group_nft_postrouting: []
|
|
host_nft_postrouting: []
|
|
group_nft_prerouting: []
|
|
host_nft_prerouting: []
|
|
|
|
nft_defines: []
|
|
nft_defines_group: []
|
|
|