
Rules

TESTS: ansibleguy.nftables.rule | ansibleguy.nftables.rule_raw


Definition

For basic parameters see: Basic

Parameters (type | required | default | aliases), each followed by its description:

id
    string | required: true | default: - | aliases: uid, name, identifier
    Unique identifier of the rule. Used to match the configured rules with the existing ones. This id is added at the beginning of the rule's comment field.

table
    string | required: false | default: - | aliases: t, target_table
    The name of the table this rule should be inserted into. If only one table exists, you don't need to provide its name.

table_type
    string | required: false | default: 'ip' | aliases: tt, target_table_type
    One of: 'inet', 'ip6', 'ip', 'arp', 'bridge', 'netdev'. The type of the table this rule should be inserted into.

chain
    string | required: true | default: - | aliases: c, target_chain
    The name of the chain this rule should be inserted into.

before
    string | required: false | default: - | aliases: before_id
    Place this rule before a specific other rule. Provide the unique identifier of that other rule!

after
    string | required: false | default: - | aliases: after_id
    Place this rule after a specific other rule. Provide the unique identifier of that other rule!

ansibleguy.nftables.rule_raw

STATE: testing

Definition

Parameters (type | required | default | aliases), each followed by its description:

rule
    string | required: true (false for deletion) | default: - | aliases: raw, line, content
    The raw rule to add to the config.

ansibleguy.nftables.rule

STATE: development


Usage

Rules are identified and matched using a unique ID.

You need to provide one for every rule you manage!

That ID is added at the beginning of the rule's comment field, separated from the comment by a backslash (\). Because the backslash serves as the separator, any backslash found in the comment field itself is replaced by an underscore (_)!
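The identification scheme from this Usage section, together with the 'before' / 'after' placement from the parameter table above, as an added example that is not part of the collection's own code: it shows how an ID is encoded into and recovered from the comment field (with the backslash-to-underscore replacement), how a raw rule string like the 'rule' parameter gets its ID applied, and where a new rule lands relative to another managed rule. The function names, the Rule dataclass, the regular expression for the trailing comment clause and the sample rules are assumptions constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Separator between the managed ID and the user comment, as described in Usage.
SEPARATOR = "\\"

# Matches a trailing 'comment "..."' clause of a raw nft rule (assumed form).
COMMENT_RE = re.compile(r'\s*comment\s+"([^"]*)"\s*$')


def build_comment(rule_id: str, comment: str = "") -> str:
    """Encode the comment field as '<id>\\<comment>'.

    Any separator inside the user comment is replaced by '_' so the ID can
    always be split off again unambiguously.
    """
    if SEPARATOR in rule_id:
        raise ValueError("rule id must not contain the separator character")
    return f"{rule_id}{SEPARATOR}{comment.replace(SEPARATOR, '_')}"


def split_comment(stored: str) -> Tuple[Optional[str], str]:
    """Inverse of build_comment.

    Returns (id, comment); id is None for a rule without a managed ID, so
    unmanaged rules in the same chain are never matched by accident.
    """
    if SEPARATOR not in stored:
        return None, stored
    rule_id, comment = stored.split(SEPARATOR, 1)
    return rule_id, comment


def tag_raw_rule(raw: str, rule_id: str) -> str:
    """Apply the ID to a raw rule string such as the 'rule' parameter.

    An existing trailing comment is kept (with the ID prepended); a rule
    without a comment gets one that carries only the ID.
    """
    match = COMMENT_RE.search(raw)
    if match:
        return f'{raw[:match.start()]} comment "{build_comment(rule_id, match.group(1))}"'
    return f'{raw.rstrip()} comment "{build_comment(rule_id)}"'


@dataclass
class Rule:
    """Minimal in-memory view of one existing rule in a chain (assumed shape)."""
    comment: str  # comment field exactly as nftables stores it
    expr: str     # the rest of the rule


def find_by_id(rules: List[Rule], rule_id: str) -> Optional[int]:
    """Index of the managed rule carrying rule_id in the chain, or None."""
    for idx, rule in enumerate(rules):
        if split_comment(rule.comment)[0] == rule_id:
            return idx
    return None


def insert_position(rules: List[Rule], before: Optional[str] = None,
                    after: Optional[str] = None) -> int:
    """Index at which a new rule lands, honouring 'before' / 'after'.

    Without either parameter the rule is appended to the chain. A reference
    to an ID that is not present in the chain is an error rather than a
    silent append, since that would change the order of evaluation.
    """
    if before is not None and after is not None:
        raise ValueError("use either 'before' or 'after', not both")
    if before is not None:
        idx = find_by_id(rules, before)
        if idx is None:
            raise LookupError(f"no managed rule with id {before!r} in chain")
        return idx
    if after is not None:
        idx = find_by_id(rules, after)
        if idx is None:
            raise LookupError(f"no managed rule with id {after!r} in chain")
        return idx + 1
    return len(rules)


if __name__ == "__main__":
    # Constructed sample chain: two managed rules and one unmanaged rule.
    chain = [
        Rule(build_comment("11", "Allow loopback traffic"), 'iifname "lo" accept'),
        Rule(build_comment("14", "Allow established"), "ct state established accept"),
        Rule("hand-written", "drop"),
    ]
    print(tag_raw_rule('iifname "eno1" accept comment "Allow some traffic"', "11"))
    print("rule 14 at index", find_by_id(chain, "14"))
    print("new rule before 14 goes to index", insert_position(chain, before="14"))
```

The unmanaged rule in the sample chain never matches any ID because split_comment returns None for a comment without the separator; this is what keeps hand-written rules in the same chain untouched when managed rules are added, moved or removed.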


Examples

ansibleguy.nftables.list

- hosts: all
  gather_facts: no
  become: true
  tasks:
    - name: Pulling existing rules
      ansibleguy.nftables.list:
        target: 'rules'
      register: rules

    - name: Show rules
      ansible.builtin.debug:
        var: rules.data

ansibleguy.nftables.rule_raw

- hosts: all
  gather_facts: no
  become: true
  tasks:
    - name: Example
      ansibleguy.nftables.rule_raw:
        id: 'example_id'
        chain: 'target_chain'
        # table: ''
        # table_type: ''
        # before: ''
        # after: ''
        rule: 'iifname "lo" accept comment "Allow loopback traffic"'

    - name: Adding rule
      ansibleguy.nftables.rule_raw:
        id: '11'
        chain: 'input'
        table: 'filter'
        table_type: 'ip'
        rule: 'iifname "lo" accept comment "Allow loopback traffic"'

    - name: Moving rule before rule 14
      ansibleguy.nftables.rule_raw:
        id: '11'
        chain: 'input'
        table: 'filter'
        table_type: 'ip'
        rule: 'iifname "eno1" accept comment "Allow some traffic"'
        before: '14'

    - name: Removing
      ansibleguy.nftables.rule_raw:
        id: '11'
        chain: 'input'
        table: 'filter'
        table_type: 'ip'
        state: absent