firewall: create empty ipsets for known networks

So we don’t crash and burn before config is set up.
Timotej Lazar 2024-01-30 12:37:14 +01:00
parent 161ce73be7
commit 544aa0a088
2 changed files with 3 additions and 0 deletions


@ -16,6 +16,7 @@
mode: 0644 mode: 0644
loop: loop:
- interfaces.nft - interfaces.nft
- networks.nft
notify: reload nftables notify: reload nftables
- name: Enable nftables service - name: Enable nftables service
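Review bot: The new `- networks.nft` loop item carries no hint that the ruleset depends on it unconditionally — the other file in this commit adds a plain `include "/etc/nftables.d/networks.nft"` (no glob, unlike `sets.nft*`) to both tables, so dropping this item later would make the next reload fail rather than silently skip the file. A short comment on the item would make that coupling visible: `- networks.nft  # included without a glob by the ruleset; must render even when no networks are configured`. The task that owns this loop, including its source or template and the variables it renders, starts before the hunk and is not visible here, so whether the file really renders to empty sets with no configuration present cannot be confirmed from this diff.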


@ -5,6 +5,7 @@ flush ruleset
table inet filter { table inet filter {
include "/etc/nftables.d/interfaces.nft" include "/etc/nftables.d/interfaces.nft"
include "/etc/nftables.d/networks.nft"
include "/etc/nftables.d/sets.nft*" include "/etc/nftables.d/sets.nft*"
set link { set link {
@ -92,6 +93,7 @@ table inet filter {
table ip nat { table ip nat {
include "/etc/nftables.d/interfaces.nft" include "/etc/nftables.d/interfaces.nft"
include "/etc/nftables.d/networks.nft"
include "/etc/nftables.d/sets.nft*" include "/etc/nftables.d/sets.nft*"
include "/etc/nftables.d/netmap.nft*" include "/etc/nftables.d/netmap.nft*"
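Review bot: Both new `include "/etc/nftables.d/networks.nft"` lines (in `table inet filter` here and in `table ip nat` at the second hunk) are placed ahead of `sets.nft*`, and nothing records why; since nft processes includes in order, the placement presumably matters if the `sets.nft*` fragments reference the sets this file defines, and a comment would keep a later reorder from breaking the load: `# networks.nft defines the per-network sets; keep it ahead of sets.nft*, which may reference them`. Unlike the neighbouring glob includes, this one has no `*`, so a missing file aborts the whole ruleset load after `flush ruleset` instead of being skipped — the safer choice when later rules depend on these sets, but worth stating in the same comment so the file is known to be required before any reload. Because the file is included into two separate tables, its sets exist independently in each, so any runtime element changes would presumably have to be applied to both tables.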