infrastructure/ansible/roles/ingress/tasks/firewall.yml

- name: Install nftables
  package:
    name: nftables
  become: true

- name: Copy firewall config
  template:
    src: files/nftables.conf
    dest: /etc/nftables.conf
    validate: nft -c -f %s
  become: true
  notify: reload firewall

- name: Enable nftables
  service:
    name: nftables
    enabled: true
    state: started
  become: true
Use nftables for firewall on ingress See ya never, iptables! 2023-10-26 21:34:06 +01:00			`- name: Install nftables`
			`package:`
			`name: nftables`
			`become: true`

			`- name: Copy firewall config`
			`template:`
			`src: files/nftables.conf`
			`dest: /etc/nftables.conf`
			`validate: nft -c -f %s`
			`become: true`
			`notify: reload firewall`

			`- name: Enable nftables`
			`service:`
			`name: nftables`
			`enabled: true`
			`state: started`
			`become: true`