infra/ansible-role-firewall
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add option to disable counter for single rules

Browse source
This commit is contained in:
nd 2021-09-25 15:02:49 +02:00
parent c9088a7a24
commit fb6e4ad1df
No known key found for this signature in database
GPG key ID: 21B5CD4DEE3670E9
2 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

1
defaults/main.yml
View file

@ -4,6 +4,7 @@ firewall:
statement: accept statement: accept
matches: ~ matches: ~
priority: 1000 priority: 1000
counter: True
input: {} input: {}
forward: {} forward: {}
output: {} output: {}

2
templates/nftables.conf.j2
View file

@ -2,7 +2,7 @@
#!/usr/sbin/nft -f #!/usr/sbin/nft -f
{%- macro nftrule(rule) -%} {%- macro nftrule(rule) -%}
{{rule.matches }} {% if not rule.statement == "counter" %}counter {% endif %}{{ rule.statement }} comment "{{ rule.comment }}" {{rule.matches }} {% if not rule.statement == "counter" or not rule.counter %}counter {% endif %}{{ rule.statement }} comment "{{ rule.comment }}"
{% endmacro %} {% endmacro %}
{%- macro nftchain(name) -%} {%- macro nftchain(name) -%}