Tip: Check out the repository on GitHub
Rules
TESTS: ansibleguy.nftables.rule | ansibleguy.nftables.rule_raw
NFTables Docs:
Definition
For basic parameters see: Basic
| Parameter | Type | Required | Default | Aliases | Comment |
|---|---|---|---|---|---|
| id | string | true | - | uid, name, identifier | Unique identifier of the rule. Used to match the configured rules with the existing ones. This id is added at the beginning of the rule's comment field. |
| table | string | false | - | t, target_table | The name of the table this rule should be inserted into. If only one exists you don't need to provide its name. |
| table_type | string | false | 'ip' | tt, target_table_type | One of: 'inet', 'ip6', 'ip', 'arp', 'bridge', 'netdev'. The type of the table this rule should be inserted into. |
| chain | string | true | - | c, target_chain | The name of the chain this rule should be inserted into. |
| before | string | false | - | before_id | This rule should be placed before a specific other rule. Provide the unique identifier of the other rule! |
| after | string | false | - | after_id | This rule should be placed after a specific other rule. Provide the unique identifier of the other rule! |
ansibleguy.nftables.rule_raw
STATE: testing
| Parameter | Type | Required | Default | Aliases | Comment |
|---|---|---|---|---|---|
| rule | string | false for deletion, else true | - | raw, line, content | The raw rule to add to the config |
ansibleguy.nftables.rule
STATE: development
Usage
Rules are identified and matched using a unique ID.
You need to provide one for every rule you manage!
That ID is added at the beginning of the rule's comment field, separated from the comment by a backslash (\). Because the backslash is the separator, any backslash found in the comment field is replaced by an underscore (_)!
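To make the id/comment convention concrete, here is an added illustration (not the collection's own code) of how an id can be embedded in an nft rule's comment field, how backslashes in the user comment are neutralised, and how existing rules are matched back to their id. The separator placement, the `render_rule`/`find_rule_by_id` helpers and the sample rule list are assumptions made for this example.

```python
import re
from typing import List, Optional, Tuple

# Assumption (illustrative only): the id is prefixed to the comment and
# separated from it by a single backslash, as the Usage section describes.
ID_SEPARATOR = "\\"
# Matches a trailing  comment "..."  clause of a raw nft rule line.
COMMENT_RE = re.compile(r'\s+comment\s+"([^"]*)"\s*$')


def build_comment(rule_id: str, comment: str = "") -> str:
    """Prefix the unique id to a comment. A backslash inside the user
    comment would be ambiguous with the separator, so it becomes '_'."""
    if ID_SEPARATOR in rule_id:
        raise ValueError("rule id must not contain the separator")
    return f"{rule_id}{ID_SEPARATOR}{comment.replace(ID_SEPARATOR, '_')}"


def split_comment(comment: str) -> Tuple[str, str]:
    """Inverse of build_comment: returns (id, user comment)."""
    rule_id, _, rest = comment.partition(ID_SEPARATOR)
    return rule_id, rest


def render_rule(rule_id: str, raw_rule: str) -> str:
    """Rewrite a raw nft rule so that its comment field carries the id,
    keeping any comment the user already wrote in the rule."""
    match = COMMENT_RE.search(raw_rule)
    if match:
        body, comment = raw_rule[: match.start()], match.group(1)
    else:
        body, comment = raw_rule.rstrip(), ""
    return f'{body} comment "{build_comment(rule_id, comment)}"'


def find_rule_by_id(existing: List[str], rule_id: str) -> Optional[str]:
    """Locate the currently configured rule line with this id, if any."""
    for line in existing:
        match = COMMENT_RE.search(line)
        if match and split_comment(match.group(1))[0] == rule_id:
            return line
    return None


# Constructed sample of rules as they would exist on a host (not real output).
EXISTING_RULES = [
    render_rule("11", 'iifname "lo" accept comment "Allow loopback traffic"'),
    render_rule("14", "ct state established,related accept"),
]
```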
Examples
ansibleguy.nftables.list

```yaml
- hosts: all
  gather_facts: no
  become: true
  tasks:
    - name: Pulling existing rules
      ansibleguy.nftables.list:
        target: 'rules'
      register: rules

    - name: Show rules
      ansible.builtin.debug:
        var: rules.data
```
ansibleguy.nftables.rule_raw

```yaml
- hosts: all
  gather_facts: no
  become: true
  tasks:
    - name: Example
      ansibleguy.nftables.rule_raw:
        id: 'example_id'
        chain: 'target_chain'
        # table: ''
        # table_type: ''
        # before: ''
        # after: ''
        rule: 'iifname "lo" accept comment "Allow loopback traffic"'

    - name: Adding rule
      ansibleguy.nftables.rule_raw:
        id: '11'
        chain: 'input'
        table: 'filter'
        table_type: 'ip'
        rule: 'iifname "lo" accept comment "Allow loopback traffic"'

    - name: Moving rule before rule 14
      ansibleguy.nftables.rule_raw:
        id: '11'
        chain: 'input'
        table: 'filter'
        table_type: 'ip'
        rule: 'iifname "eno1" accept comment "Allow some traffic"'
        before: '14'

    - name: Removing
      ansibleguy.nftables.rule_raw:
        id: '11'
        chain: 'input'
        table: 'filter'
        table_type: 'ip'
        state: absent
```