26 lines
651 B
Plaintext
26 lines
651 B
Plaintext
|
#!/usr/sbin/nft -f
|
||
|
|
# {{ ansible_managed }}
|
||
|
|
|
||
|
|
flush ruleset
|
||
|
|
|
||
|
|
table inet filter {
|
||
|
|
chain input {
|
||
|
|
type filter hook input priority 0;
|
||
|
|
{% for rule in nftables_rules if rule.chain == "input" %}
|
||
|
|
{{ rule.rule }};
|
||
|
|
{% endfor %}
|
||
|
|
}
|
||
|
|
chain forward {
|
||
|
|
type filter hook forward priority 0;
|
||
|
|
{% for rule in nftables_rules if rule.chain == "forward" %}
|
||
|
|
{{ rule.rule }};
|
||
|
|
{% endfor %}
|
||
|
|
}
|
||
|
|
chain output {
|
||
|
|
type filter hook output priority 0;
|
||
|
|
{% for rule in nftables_rules if rule.chain == "output" %}
|
||
|
|
{{ rule.rule }};
|
||
|
|
{% endfor %}
|
||
|
|
}
|
||
|
|
}
|