roles/common: fix logic for copying AbuseIPDB.com nft sets
We have to force these because they are not updated on the host like the other lists (API limit of five requests per day!). We update the list periodically here in git.
parent
37901da5b5
commit
635bb5234d
@ -36,13 +36,13 @@
|
||||
|
||||
- name: Copy extra nftables configuration files
|
||||
when: ansible_distribution_major_version is version('11', '>=')
|
||||
copy: src={{ item }} dest=/etc/nftables/{{ item }} owner=root group=root mode=0644 force=no
|
||||
copy: src={{ item.src }} dest=/etc/nftables/{{ item.src }} owner=root group=root mode=0644 force={{ item.force }}
|
||||
loop:
|
||||
- spamhaus-ipv4.nft
|
||||
- spamhaus-ipv6.nft
|
||||
- abusech-ipv4.nft
|
||||
- abuseipdb-ipv4.nft
|
||||
- abuseipdb-ipv6.nft
|
||||
- { src: "spamhaus-ipv4.nft", force: "no" }
|
||||
- { src: "spamhaus-ipv6.nft", force: "no" }
|
||||
- { src: "abusech-ipv4.nft", force: "no" }
|
||||
- { src: "abuseipdb-ipv4.nft", force: "yes" }
|
||||
- { src: "abuseipdb-ipv6.nft", force: "yes" }
|
||||
notify:
|
||||
- restart nftables
|
||||
|
||||
|
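Review bot: The two AbuseIPDB items in the `loop:` now carry `force: "yes"`, so every refresh of those lists in git overwrites the host copy and notifies `restart nftables`, yet nothing in the task checks that the new file still parses before the firewall is reloaded. A truncated or malformed list committed from the feed would reach every host in one run, and depending on how the nftables unit handles a failed load, a host could end up without its ruleset. If the set files parse on their own, adding `validate='nft -c -f %s'` to the `copy:` arguments would reject a bad file before it replaces the good one; if they are only valid when included from the main ruleset, a task running `nft -c -f <main ruleset path>` before the handler fires is the alternative. The same applies to the second hunk (the task guarded by `version('20.04', '>=')`). As a smaller point, `force` would be clearer as real booleans (`force: true` / `force: false`) than as the quoted strings `"yes"` / `"no"`.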
@ -42,13 +42,13 @@
|
||||
|
||||
- name: Copy extra nftables configuration files
|
||||
when: ansible_distribution_version is version('20.04', '>=')
|
||||
copy: src={{ item }} dest=/etc/nftables/{{ item }} owner=root group=root mode=0644 force=no
|
||||
copy: src={{ item.src }} dest=/etc/nftables/{{ item.src }} owner=root group=root mode=0644 force={{ item.force }}
|
||||
loop:
|
||||
- spamhaus-ipv4.nft
|
||||
- spamhaus-ipv6.nft
|
||||
- abusech-ipv4.nft
|
||||
- abuseipdb-ipv4.nft
|
||||
- abuseipdb-ipv6.nft
|
||||
- { src: "spamhaus-ipv4.nft", force: "no" }
|
||||
- { src: "spamhaus-ipv6.nft", force: "no" }
|
||||
- { src: "abusech-ipv4.nft", force: "no" }
|
||||
- { src: "abuseipdb-ipv4.nft", force: "yes" }
|
||||
- { src: "abuseipdb-ipv6.nft", force: "yes" }
|
||||
notify:
|
||||
- restart nftables
|
||||
|
||||
|