2024-02-18 09:52:10 +02:00
|
|
|
---
|
|
|
|
|
|
|
|
|
|
- name: Install nftables
|
|
|
|
|
ansible.builtin.package:
|
|
|
|
|
name: nftables
|
|
|
|
|
state: present
|
|
|
|
|
|
|
|
|
|
- name: Get available services
|
|
|
|
|
ansible.builtin.service_facts:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: Create service file
|
|
|
|
|
ansible.builtin.copy:
|
|
|
|
|
src: nftables.service
|
|
|
|
|
dest: /etc/systemd/system/nftables.service
|
|
|
|
|
state: present
|
2024-02-19 10:56:04 +02:00
|
|
|
mode: "644"
|
2024-02-18 09:52:10 +02:00
|
|
|
when: ansible_facts.services['nftables.service'] is not defined
|
|
|
|
|
|
|
|
|
|
- name: Add config file
|
|
|
|
|
ansible.builtin.template:
|
|
|
|
|
src: nftables.conf.j2
|
|
|
|
|
dest: "{{ nftables_main_file[ansible_os_family] | default('/etc/nftables.conf') }}"
|
2024-02-19 10:56:04 +02:00
|
|
|
mode: "644"
|
2024-02-18 09:52:10 +02:00
|
|
|
vars:
|
|
|
|
|
nftables_main_file:
|
|
|
|
|
Debian: /etc/nftables.conf
|
|
|
|
|
RedHat: /etc/nftables/main.nft
|
|
|
|
|
|
|
|
|
|
- name: Create subdirs
|
|
|
|
|
ansible.builtin.file:
|
|
|
|
|
name: "{{ item }}"
|
|
|
|
|
state: directory
|
2024-02-19 10:56:04 +02:00
|
|
|
mode: "755"
|
2024-02-18 09:52:10 +02:00
|
|
|
with_items:
|
|
|
|
|
- /etc/nftables/input.d
|
|
|
|
|
- /etc/nftables/forward.d
|
|
|
|
|
- /etc/nftables/output.d
|
|
|
|
|
- /etc/nftables/filter.d
|
|
|
|
|
- /etc/nftables/global.d
|
|
|
|
|
|
|
|
|
|
- name: Enable and start nftables
|
|
|
|
|
ansible.builtin.systemd_service:
|
|
|
|
|
name: nftables.service
|
|
|
|
|
enabled: true
|
|
|
|
|
state: started
|
|
|
|
|
daemon_reload: true
|
