infrastructure/ansible
1
0
Fork 0
Code Pull requests 7 Activity Actions

nftables: add defined check for nft_nat_rules and set it also [] by default

Browse source 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
Kevin Fenzi 2025-04-24 13:13:52 -07:00
parent 68cbd3dc2c
commit 4d4365cdf5
2 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

1
inventory/group_vars/all
View file

@ -154,6 +154,7 @@ nftables: True
# nftables variants of custom*_rules # nftables variants of custom*_rules
nft_custom6_rules: [] nft_custom6_rules: []
nft_custom_rules: [] nft_custom_rules: []
nft_nat_rules: []
# default network block device encryption settings for linux-system-roles/nbde_client # default network block device encryption settings for linux-system-roles/nbde_client
nbde: true nbde: true
nbde_device: /dev/md2 nbde_device: /dev/md2

2
roles/base/templates/nftables/nftables
View file

@ -107,7 +107,7 @@ add rule ip filter INPUT ip saddr 10.3.163.10 tcp dport {{ port }} counter accep
add rule ip filter INPUT counter reject with icmp type host-prohibited add rule ip filter INPUT counter reject with icmp type host-prohibited
add rule ip filter FORWARD counter reject with icmp type host-prohibited add rule ip filter FORWARD counter reject with icmp type host-prohibited
{% if nft_nat_rules %} {% if nft_nat_rules is defined %}
add table ip nat add table ip nat
add chain ip nat PREROUTING { type nat hook prerouting priority -100; policy accept; } add chain ip nat PREROUTING { type nat hook prerouting priority -100; policy accept; }