path: root/templates/etc/nftables.conf.j2
blob: ae5a51696380d20a3a766b687a8e69e38b595b40 (plain)
#jinja2: lstrip_blocks: "True", trim_blocks: "True"
#!{{ nft__bin_location }} -f
{{ ansible_managed | comment }}
{#
  Renders the host's main nftables ruleset, loaded with `nft -f`.

  Inputs (Ansible variables): the nft_global_*_rules dicts (group name -> list
  of rule strings), the nft_*_conf_path include paths, the nft__*_table_manage
  switches, nft_custom_includes and nft__custom_content.

  Everything below is written into the ruleset verbatim: rule strings, include
  paths and custom content are neither escaped nor validated here. The
  inventory, group_vars and host_vars that feed these variables are therefore
  part of the firewall's trust boundary; `nft -f` only rejects syntax errors,
  not unwanted but well-formed rules.
#}
{#
  Merge order for the "global" chain, lowest to highest precedence. Each
  update() overwrites earlier entries with the same group key, so a host-level
  dict can replace (not append to) a group's rule list:
    defaults -> global rules -> group rules -> combined group rules -> host rules
#}
{% set globalmerged = nft_global_default_rules.copy() %}
{% set _ = globalmerged.update(nft_global_rules) %}
{% set _ = globalmerged.update(nft_global_group_rules) %}
{#
  NOTE(review): this assumes hostvars[inventory_hostname]['nft_combined_rules']
  exists whenever nft_merged_groups is true — confirm in the role's vars; with a
  strict undefined, the attribute access on a missing key would fail before the
  `is defined` test is reached.
#}
{% if nft_merged_groups and hostvars[inventory_hostname]['nft_combined_rules'].nft_global_group_rules is defined%}
  {% set _ = globalmerged.update(hostvars[inventory_hostname]['nft_combined_rules'].nft_global_group_rules) %}
{% endif %}
{% set _ = globalmerged.update(nft_global_host_rules) %}

{#
  Declare the table first so that `flush table` succeeds on a fresh host where
  it does not exist yet. Flushing drops every rule previously loaded into it,
  so rules removed from the variables do not survive a reload.
#}
# clean
table {{ nft_flush_table_target }}
flush table {{ nft_flush_table_target }}

{# Symbol definitions used by the included chain/set files; top level, outside any table. #}
include "{{ nft_define_conf_path }}"

table inet filter {
{#
  The "global" chain is generated inline: one commented section per group, in
  sorted key order (dictsort) so the rendered file is stable across runs, with
  each rule string emitted on its own line exactly as given.
#}
	chain global {
{% for group, rules in globalmerged|dictsort  %}
		# {{ group }}
  {% if not rules %}
		# (none)
  {% endif %}
  {% for rule in rules %}
		{{ rule }}
  {% endfor %}
{% endfor %}
	}
{# Remaining chains/sets of the filter table come from per-file includes; forward and mangle are opt-in. #}
	include "{{ nft_conntrack_conf_path }}"
	include "{{ nft_set_conf_path }}"
	include "{{ nft_input_conf_path }}"
	include "{{ nft_output_conf_path }}"
{% if nft__forward_table_manage %}
	include "{{ nft_forward_conf_path }}"
{% endif %}
{% if nft__mangle_table_manage %}
	include "{{ nft_mangle_conf_path }}"
{% endif %}
{#
  nft_custom_includes may be a single path (string) or a list of paths. A
  mapping matches neither branch and is silently ignored — presumably
  deliberate; confirm if dict-shaped input is expected.
#}
{% if nft_custom_includes | default() %}
  {% if nft_custom_includes is string %}
	include "{{ nft_custom_includes }}"
  {% elif nft_custom_includes is iterable and (nft_custom_includes is not string and nft_custom_includes is not mapping) %}
    {% for include in nft_custom_includes %}
	include "{{ include }}"
    {% endfor %}
  {% endif %}
{% endif %}
}

{#
  Optional NAT table, IPv4 family only (`table ip nat`); this template has no
  ip6 counterpart. It re-includes the conntrack and set files so the same
  definitions are available inside this table.
#}
{% if nft__nat_table_manage %}
# Additionnal table for Network Address Translation (NAT)
table ip nat {
	include "{{ nft_conntrack_conf_path }}"
	include "{{ nft_set_conf_path }}"
	include "{{ nft__nat_prerouting_conf_path }}"
	include "{{ nft__nat_postrouting_conf_path }}"
}
{% endif %}

{# Free-form nftables text appended verbatim at top level, after all managed tables. #}
{% if nft__custom_content|d() %}
# Custom content from ipr-cnrs.nftables
{{ nft__custom_content }}
{% endif %}