
adjust tcp_dports to be configurable

main
Felix Kronlage-Dammers 3 months ago
parent
commit
000d426cea
  1. 1
      defaults/main.yml
  2. 4
      tasks/main.yml
  3. 2
      templates/nftables.conf.j2

1
defaults/main.yml

@ -2,3 +2,4 @@
# defaults for nftables
nftables_environment: {}
nftables_tcp_dports: "22, 80, 443"
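Review bot: The new default `"22, 80, 443"` changes the shipped firewall policy, not just its configurability: the replaced rule in templates/nftables.conf.j2 opened only 22 and 443, so every host using this role's defaults now also accepts inbound TCP/80 after the next run. If that is intended it should be stated in the commit message and in a comment on the variable; otherwise the default should be `nftables_tcp_dports: "22, 443"` to keep the previous behaviour. Because the value is spliced verbatim into an nftables set literal, a list default such as `nftables_tcp_dports: [22, 443]` rendered with `join(', ')` would make the accepted shape explicit and harder to get wrong than a free-form string.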

4
tasks/main.yml

@ -9,8 +9,8 @@
state: latest
- name: setup nftables config
copy:
src: nftables.conf
template:
src: nftables.conf.j2
dest: /etc/nftables.conf
notify:
- restart nftables
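Review bot: The template task writes /etc/nftables.conf and then restarts the service without checking that the rendered ruleset parses; since the port set is now user-supplied, a malformed or empty `nftables_tcp_dports` would only be discovered when the restart fails, leaving the host with whatever ruleset state the failed restart produced. Adding `validate: nft -c -f %s` to the template task makes Ansible reject the rendered file before it replaces the live config. The task also sets no `owner`/`group`/`mode`, so the permissions of the written file depend on the copy/template module defaults; an explicit `mode: "0644"` (or stricter, if the ruleset is considered sensitive) documents the intent. The enclosing task list continues outside the hunk.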

2
files/nftables.conf → templates/nftables.conf.j2

@ -39,7 +39,7 @@ table inet firewall {
# Allow SSH on port TCP/22 and allow HTTPS on port TCP/443
# for IPv4 and IPv6.
tcp dport { 22, 443} accept
tcp dport { {{ nftables_tcp_dports }} } accept
# Uncomment to enable logging of denied inbound traffic
log prefix "[nftables] Inbound Denied: " counter drop
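Review bot: The comment directly above the changed rule still reads "Allow SSH on port TCP/22 and allow HTTPS on port TCP/443", which no longer describes the rule now that the ports come from `nftables_tcp_dports` (and the default in defaults/main.yml adds 80). It should be updated to something like `# Allow inbound TCP on the ports listed in nftables_tcp_dports (see defaults/main.yml)`. Note also that the value is rendered unquoted inside the set braces, so anything that is not a comma-separated list of ports (including an empty string, which produces `tcp dport { } accept`) will most likely be rejected by nft at load time; a short comment stating the expected format next to the rule would help operators overriding the variable.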