fix: nftables file location

This commit is contained in:
Simon Cornet 2026-02-17 08:59:03 +01:00
commit a4f00a90ab
2 changed files with 5 additions and 8 deletions


@ -3,8 +3,8 @@
# deploy nftables rules # deploy nftables rules
- name: "firewall - nftables rules" - name: "firewall - nftables rules"
ansible.builtin.template: ansible.builtin.template:
src: "nftables.conf.j2" src: "nftables.nft.j2"
dest: "/etc/nftables.conf" dest: "/etc/nftables.nft"
mode: "0600" mode: "0600"
owner: "root" owner: "root"
group: "root" group: "root"
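Review bot: The template task writes the ruleset to the new path but nothing in this hunk validates the rendered file or ensures the loader actually reads it; on distributions where nftables.service is wired to /etc/nftables.conf by default (Debian/Ubuntu, to be confirmed for the target hosts), a ruleset at /etc/nftables.nft is silently never applied at boot, which for a firewall fails open. I would add `validate: "nft -c -f %s"` to the `ansible.builtin.template` task so a syntax error in the rendered ruleset is caught before the old file is overwritten, and a `notify` to a handler that reloads nftables, unless that handler lives outside this hunk. It is also worth confirming that the service unit (or an `include` in /etc/nftables.conf) points at `/etc/nftables.nft`; the file mode `0600` root-owned is appropriate since the rules embed management source addresses.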


@ -12,18 +12,15 @@ table inet filter {
# Allow loopback # Allow loopback
iif lo accept iif lo accept
# Allow LAN management access # Allow ICMP
iif {{ lan_interface }} accept ip protocol icmp accept
ip6 nexthdr ipv6-icmp accept
# Allow incoming firewall rules # Allow incoming firewall rules
{% for rule in incoming_firewall_rules %} {% for rule in incoming_firewall_rules %}
# {{ rule.name }} # {{ rule.name }}
iif {{ lan_interface }} ip saddr {{ rule.source }} {{ rule.protocol | default('tcp') }} dport {{ rule.port }} accept iif {{ lan_interface }} ip saddr {{ rule.source }} {{ rule.protocol | default('tcp') }} dport {{ rule.port }} accept
{% endfor %} {% endfor %}
# Allow ICMP
ip protocol icmp accept
ip6 nexthdr ipv6-icmp accept
} }
chain forward { chain forward {