From a74d6dfc0868474abb6936970d02fb9b5d78a8a6 Mon Sep 17 00:00:00 2001 From: Alan Orth Date: Tue, 27 Jul 2021 22:01:57 +0300 Subject: [PATCH] roles/common: Don't overwrite spamhaus nft sets The ones in this repo are only placeholders that get updated by the update-spamhaus-nftables service, so we shouldn't overwrite them if they exist. --- roles/common/tasks/firewall_Debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/common/tasks/firewall_Debian.yml b/roles/common/tasks/firewall_Debian.yml index aeaddde..9b8925f 100644 --- a/roles/common/tasks/firewall_Debian.yml +++ b/roles/common/tasks/firewall_Debian.yml @@ -39,7 +39,7 @@ - name: Copy extra nftables configuration files when: ansible_distribution_major_version is version('11', '>=') - copy: src={{ item }} dest=/etc/nftables/{{ item }} owner=root group=root mode=0644 + copy: src={{ item }} dest=/etc/nftables/{{ item }} owner=root group=root mode=0644 force=no loop: - spamhaus-ipv4.nft - spamhaus-ipv6.nft