infra/ansible-role-firewall
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

some cleanup

Browse source
This commit is contained in:
nd 2020-04-30 15:41:02 +02:00
parent 88b851cfff
commit 71c3dccba9
No known key found for this signature in database
GPG key ID: 21B5CD4DEE3670E9
1 changed files with 5 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

10
templates/nftables.conf.j2
View file

@ -13,7 +13,7 @@
{% set tmprule = firewall.chains[name][i] %}
{% endif%}
{% set rule = {}|combine(firewall.defaults.all, firewall.defaults[name], tmprule, recursive=True) %}
{{ nftrule(i, rule) }}
{{ nftrule(i, rule) }}
{% endfor %}
{% endmacro%}
@ -32,7 +32,7 @@ table inet filter {
ip protocol icmp accept comment "Accept ICMP"
ip protocol igmp accept comment "Accept IGMP"
{{ nftchain('input') }}
{{ nftchain('input') }}
counter comment "Count dropped"
@ -41,7 +41,7 @@ table inet filter {
type filter hook forward priority 0;
policy {{ firewall.policies.forward }};
{{ nftchain('forward') }}
{{ nftchain('forward') }}
counter comment "Count dropped"
}
@ -49,8 +49,8 @@ table inet filter {
type filter hook output priority 0;
policy {{ firewall.policies.output }};
{{ nftchain('output') }}
{{ nftchain('output') }}
}
}
include "/etc/nftables/*.nft"
include "/etc/nftables.d/*.nft"