47 lines
951 B
YAML
47 lines
951 B
YAML
---
|
|
|
|
- name: Install nftables related packages
|
|
ansible.builtin.apt:
|
|
state: present
|
|
pkg:
|
|
- nftables
|
|
- net-tools
|
|
- ipset
|
|
|
|
- name: Template nftables.conf
|
|
ansible.builtin.template:
|
|
src: "{{ item.src }}"
|
|
dest: "{{ item.dest }}"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0700"
|
|
validate: "{{ item.validate | default() }}"
|
|
with_items:
|
|
- { src: "nftables.conf.j2", dest: "{{ nft_main_config }}",
|
|
backup: "yes", validate: "/usr/sbin/nft -c -f %s" }
|
|
tags:
|
|
- nft
|
|
- nftconfig
|
|
when:
|
|
- nft | bool
|
|
notify:
|
|
- Reload nftables
|
|
|
|
- name: Cleanup netfilter packages
|
|
ansible.builtin.apt:
|
|
state: absent
|
|
pkg:
|
|
- netfilter-persistent
|
|
when:
|
|
- nft | bool
|
|
|
|
- name: Cleanup iptables stuff
|
|
ansible.builtin.file:
|
|
state: absent
|
|
path: "{{ item }}"
|
|
with_items:
|
|
- "/etc/iptables/rules/v4"
|
|
- "/etc/iptables/rules/v6"
|
|
- "/etc/iptables"
|
|
when:
|
|
- nft | bool
|