firewall: create empty ipsets for known networks
So we don’t crash and burn before config is set up.
parent
161ce73be7
commit
544aa0a088
@ -16,6 +16,7 @@
mode: 0644
mode: 0644
loop:
loop:
- interfaces.nft
- interfaces.nft
- networks.nft
notify: reload nftables
notify: reload nftables
- name: Enable nftables service
- name: Enable nftables service
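Review bot: The new `- networks.nft` loop item makes the rendered file a hard dependency of both nftables tables (the .nft hunks include it by exact path rather than a glob), so a skipped or failed render on a host becomes a ruleset load error at the `reload nftables` handler rather than a silent gap; a comment on the item would make that intent explicit, e.g. `- networks.nft  # empty set definitions so the ruleset loads before any network is configured; presumably populated later via sets.nft*`. The task header (module, src and dest) is above the hunk, so whether this item is rendered from a template or copied as a static file cannot be confirmed here. Because the handler only runs after the file is written, a malformed networks.nft surfaces at reload time; nft -f applies the file atomically, so the previously loaded ruleset should stay in place, but the host would then keep running stale rules until the render is fixed.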
@ -5,6 +5,7 @@ flush ruleset
table inet filter {
table inet filter {
include "/etc/nftables.d/interfaces.nft"
include "/etc/nftables.d/interfaces.nft"
include "/etc/nftables.d/networks.nft"
include "/etc/nftables.d/sets.nft*"
include "/etc/nftables.d/sets.nft*"
set link {
set link {
@ -92,6 +93,7 @@ table inet filter {
table ip nat {
table ip nat {
include "/etc/nftables.d/interfaces.nft"
include "/etc/nftables.d/interfaces.nft"
include "/etc/nftables.d/networks.nft"
include "/etc/nftables.d/sets.nft*"
include "/etc/nftables.d/sets.nft*"
include "/etc/nftables.d/netmap.nft*"
include "/etc/nftables.d/netmap.nft*"
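Review bot: The new `include "/etc/nftables.d/networks.nft"` is placed ahead of `sets.nft*` in both `table inet filter` and `table ip nat` (the second hunk repeats it), and that ordering is load-bearing: it only works if the later includes may redeclare or extend sets that networks.nft has already declared, so the include line deserves a comment such as `# empty set definitions; must precede sets.nft*, which adds members to them`. Worth stating somewhere in the file is the consequence of loading with empty sets: any rule elsewhere in the ruleset that drops or rejects traffic by matching `@set` against one of these sets matches nothing until the set is populated, so the "works before config" state is fail-open for such rules and fail-closed only for accept rules — the rules themselves are outside these hunks, so this should be confirmed against the full ruleset. The include is an exact path while its neighbours are globs, so a missing networks.nft is a load error rather than being skipped; that looks intended given the Ansible hunk now renders the file, but a comment would spare the next reader the guess.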