network/roles/firewall/tasks/nftables.yml

- name: Install nftables
  package:
    name: nftables

- name: Copy nftables config
  template:
    dest: /etc/nftables.nft
    src: nftables.nft.j2
    mode: 0644
  notify: reload nftables

- name: Copy static nftables includes
  template:
    dest: '/etc/nftables.d/{{ item }}'
    src: '{{ item }}.j2'
    mode: 0644
  loop:
    - interfaces.nft
    - networks.nft
  notify: reload nftables

- name: Enable nftables service
  service:
    name: nftables
    enabled: yes
    state: started
Initial commit, squashed 2023-12-18 10:22:14 +00:00			`- name: Install nftables`
			`package:`
			`name: nftables`

			`- name: Copy nftables config`
			`template:`
			`dest: /etc/nftables.nft`
			`src: nftables.nft.j2`
			`mode: 0644`
			`notify: reload nftables`

			`- name: Copy static nftables includes`
			`template:`
			`dest: '/etc/nftables.d/{{ item }}'`
			`src: '{{ item }}.j2'`
			`mode: 0644`
			`loop:`
			`- interfaces.nft`
firewall: create empty ipsets for known networks So we don’t crash and burn before config is set up. 2024-01-30 11:37:14 +00:00			`- networks.nft`
Initial commit, squashed 2023-12-18 10:22:14 +00:00			`notify: reload nftables`

			`- name: Enable nftables service`
			`service:`
			`name: nftables`
			`enabled: yes`
			`state: started`