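---
# Installs nftables, writes one rules file per entry of `nftables_base_rules`
# into /etc/nftables.d, writes the /etc/nftables.conf loader that includes
# them, and keeps nftables.service enabled and running.
# The `reload nftables` handler is notified below but defined outside this file.

- name: install nftables
  apt:
    name: nftables

- name: create include base directory
  file:
    path: /etc/nftables.d
    state: directory
    # Explicit ownership and mode: only root may add or change rule files.
    owner: root
    group: root
    mode: "0755"

# NOTE(review): files left over from keys that were later removed from
# `nftables_base_rules` are not deleted here, and the glob include in
# /etc/nftables.conf still loads them, so a retired rule stays active
# until its file is removed by other means.
# NOTE(review): `item.key` is used verbatim as the file name; presumably the
# keys come from trusted inventory. A key containing "/" would resolve to a
# path outside /etc/nftables.d. Verify against where the variable is defined.
- name: generate rules files
  copy:
    content: |
      # Ansible managed
      {{ item.value }}
    dest: "/etc/nftables.d/{{ item.key }}.nft"
    owner: root
    group: root
    mode: "0644"
  loop: "{{ nftables_base_rules | dict2items }}"
  loop_control:
    # Log only the key so the full rule text is not printed per item.
    label: "{{ item.key }}"
  notify: reload nftables

# The loader starts with `flush ruleset`, so the running ruleset is replaced by
# exactly what the included files define.
# NOTE(review): nothing here checks the ruleset before it is installed;
# consider a `validate:` step using nft's check mode (`nft -c -f %s`) so a
# syntax error fails the play instead of the next reload or boot.
- name: generate base nft script
  copy:
    content: |
      #!/usr/sbin/nft -f
      # Ansible managed
      flush ruleset
      include "/etc/nftables.d/*.nft"
    dest: /etc/nftables.conf
    owner: root
    group: root
    # Executable because the file carries an nft shebang.
    mode: "0755"
  notify: reload nftables

- name: make sure nftables systemd service unit is enabled and started
  systemd:
    name: nftables.service
    state: started
    enabled: true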