tasks/firewall.yaml +2 −2 Original line number Diff line number Diff line Loading @@ -3,8 +3,8 @@ # deploy nftables rules - name: "firewall - nftables rules" ansible.builtin.template: src: "nftables.conf.j2" dest: "/etc/nftables.conf" src: "nftables.nft.j2" dest: "/etc/nftables.nft" mode: "0600" owner: "root" group: "root" Loading
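Review bot: `dest` now points at `/etc/nftables.nft`, but nothing in this hunk retires the old `/etc/nftables.conf` or shows the loader being pointed at the new path, so on hosts whose nftables service unit still reads `/etc/nftables.conf` the stale ruleset would presumably keep loading at boot while the new file is ignored. A follow-up task along the lines of `ansible.builtin.file:` / `path: "/etc/nftables.conf"` / `state: absent` (or an explicit include of the new path) would close that gap. Since a template render error would otherwise be written straight to disk, adding `validate: "nft -c -f %s"` to the task lets the file be syntax-checked before it replaces the live config. Any `notify` or handler that reloads the ruleset would follow `group: "root"` and is outside this hunk.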
templates/nftables.conf.j2→templates/nftables.nft.j2 +3 −6 Original line number Diff line number Diff line Loading @@ -12,18 +12,15 @@ table inet filter { # Allow loopback iif lo accept # Allow LAN management access iif {{ lan_interface }} accept # Allow ICMP ip protocol icmp accept ip6 nexthdr ipv6-icmp accept # Allow incoming firewall rules {% for rule in incoming_firewall_rules %} # {{ rule.name }} iif {{ lan_interface }} ip saddr {{ rule.source }} {{ rule.protocol | default('tcp') }} dport {{ rule.port }} accept {% endfor %} # Allow ICMP ip protocol icmp accept ip6 nexthdr ipv6-icmp accept } chain forward { Loading
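Review bot: The generated rule `iif {{ lan_interface }} ip saddr {{ rule.source }} {{ rule.protocol | default('tcp') }} dport {{ rule.port }} accept` only ever matches IPv4 sources: inside an `inet` table `ip saddr` does not match IPv6 traffic, and an IPv6 literal in `rule.source` would presumably make `nft -f` reject the whole file, leaving the host without the intended ruleset. Choosing the family per rule, e.g. `{{ 'ip6' if ':' in rule.source else 'ip' }} saddr {{ rule.source }}`, keeps the existing inventory format working while supporting both families. Because every rule here terminates in `accept`, moving the ICMP block below the loop does not change matching; a one-line comment such as `# order is not significant: all rules accept` would save the next reader from wondering. The enclosing chain and its default policy open before line 12 and are outside this hunk.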