nft role + disable iptables when nft enabled

Mark Janssen 2024-07-24 21:32:13 +02:00
parent a74dba4557
commit 848917a72c
Signed by: foobar
GPG key ID: D8674D8FC4F69BD2
17 changed files with 348 additions and 57 deletions

47
roles/nft/tasks/main.yaml Normal file

@ -0,0 +1,47 @@
---
- name: Install nftables related packages
ansible.builtin.apt:
state: present
pkg:
- nftables
- net-tools
- ipset
- name: Template nftables.conf
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "root"
group: "root"
mode: "0700"
validate: "{{ item.validate | default() }}"
with_items:
- { src: "nftables.conf.j2", dest: "{{ nft_main_config }}",
backup: "yes", validate: "/usr/sbin/nft -c -f %s" }
tags:
- nft
- nftconfig
when:
- nft | bool
notify:
- Reload nftables
- name: Cleanup netfilter packages
ansible.builtin.apt:
state: absent
pkg:
- netfilter-persistent
when:
- nft | bool
- name: Cleanup iptables stuff
ansible.builtin.file:
state: absent
path: "{{ item }}"
with_items:
- "/etc/iptables/rules/v4"
- "/etc/iptables/rules/v6"
- "/etc/iptables"
when:
- nft | bool