infra/ansible-role-firewall
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

some cleanup

Browse source
This commit is contained in:
nd 2020-04-30 15:41:02 +02:00
parent 88b851cfff
commit 71c3dccba9
No known key found for this signature in database
GPG key ID: 21B5CD4DEE3670E9
1 changed files with 5 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

10
templates/nftables.conf.j2
View file

@ -13,7 +13,7 @@
{% set tmprule = firewall.chains[name][i] %} {% set tmprule = firewall.chains[name][i] %}
{% endif%} {% endif%}
{% set rule = {}|combine(firewall.defaults.all, firewall.defaults[name], tmprule, recursive=True) %} {% set rule = {}|combine(firewall.defaults.all, firewall.defaults[name], tmprule, recursive=True) %}
{{ nftrule(i, rule) }} {{ nftrule(i, rule) }}
{% endfor %} {% endfor %}
{% endmacro%} {% endmacro%}
@ -32,7 +32,7 @@ table inet filter {
ip protocol icmp accept comment "Accept ICMP" ip protocol icmp accept comment "Accept ICMP"
ip protocol igmp accept comment "Accept IGMP" ip protocol igmp accept comment "Accept IGMP"
{{ nftchain('input') }} {{ nftchain('input') }}
counter comment "Count dropped" counter comment "Count dropped"
@ -41,7 +41,7 @@ table inet filter {
type filter hook forward priority 0; type filter hook forward priority 0;
policy {{ firewall.policies.forward }}; policy {{ firewall.policies.forward }};
{{ nftchain('forward') }} {{ nftchain('forward') }}
counter comment "Count dropped" counter comment "Count dropped"
} }
@ -49,8 +49,8 @@ table inet filter {
type filter hook output priority 0; type filter hook output priority 0;
policy {{ firewall.policies.output }}; policy {{ firewall.policies.output }};
{{ nftchain('output') }} {{ nftchain('output') }}
} }
} }
include "/etc/nftables/*.nft" include "/etc/nftables.d/*.nft"