This opens TCP port 22 on all hosts, TCP ports 80 and 443 on hosts
in the web group, and allows configuration of "extra" rules in the
host or group vars.
I will try using nftables directly instead of via firewalld as of
Debian 11, as it is the replacement for the iptables/ipset stack in
recent years and is easier to work with.
This also includes a systemd service, timer, and script to update
the Spamhaus DROP lists as nftables sets.
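As an added illustration (not the update script shipped with this role), the
shell below shows how such an updater can turn the Spamhaus DROP text feed into
an atomic nftables set replacement. The table name "inet filter", the set names
spamhaus_drop_v4 / spamhaus_drop_v6, the feed URLs and the use of curl are
assumptions, not taken from the role. Two points matter for a firewall script:
only tokens that look like a CIDR prefix are accepted, so a corrupted or
tampered feed cannot inject nft syntax into the file handed to `nft -f`, and an
empty result aborts the run instead of flushing the set, so a failed download
never silently removes the blocklist.

```shell
#!/bin/sh
# Added example, not the role's own script. Assumed names: table "inet filter",
# sets spamhaus_drop_v4 / spamhaus_drop_v6, classic text DROP feeds.
set -eu

# Convert DROP-format text on stdin into comma-separated nft set elements.
# Feed lines look like "1.10.16.0/20 ; SBL256894"; ';' starts a comment.
# Anything that is not a bare IPv4/IPv6 prefix is dropped, which keeps feed
# content from ever reaching nft as syntax.
drop_to_elements() {
    awk '
        { sub(/;.*/, "") }               # strip ";" comments
        NF == 0 { next }                 # skip blank lines
        $1 ~ /^[0-9.]+\/[0-9]+$/ ||
        $1 ~ /^[0-9a-fA-F:]+\/[0-9]+$/ {
            printf "%s%s", (n++ ? ", " : ""), $1
        }
    '
}

# Emit an nft script that replaces the contents of one set. Applied with
# "nft -f" the flush and add land in a single transaction, so there is no
# window where the set is empty.
#   $1 = set name, $2 = comma-separated elements (may be empty)
render_set_update() {
    printf 'flush set inet filter %s\n' "$1"
    if [ -n "$2" ]; then
        printf 'add element inet filter %s { %s }\n' "$1" "$2"
    fi
}

# The sets must already exist in the loaded ruleset, declared with
# "flags interval" so that CIDR prefixes are accepted, e.g. (assumed layout):
#   table inet filter {
#       set spamhaus_drop_v4 { type ipv4_addr; flags interval; }
#       set spamhaus_drop_v6 { type ipv6_addr; flags interval; }
#       chain input {
#           type filter hook input priority 0; policy drop;
#           ip  saddr @spamhaus_drop_v4 drop
#           ip6 saddr @spamhaus_drop_v6 drop
#           tcp dport 22 accept
#       }
#   }

# Fetch both feeds and apply them atomically. Refuses to apply an empty
# list so a failed or truncated download cannot blank the set.
update_spamhaus_sets() {
    tmp=$(mktemp)
    trap 'rm -f "$tmp"' EXIT
    for pair in "spamhaus_drop_v4 https://www.spamhaus.org/drop/drop.txt" \
                "spamhaus_drop_v6 https://www.spamhaus.org/drop/dropv6.txt"; do
        set -- $pair
        elements=$(curl -fsSL --max-time 60 "$2" | drop_to_elements)
        if [ -z "$elements" ]; then
            echo "refusing to apply empty list for $1 from $2" >&2
            return 1
        fi
        render_set_update "$1" "$elements" >> "$tmp"
    done
    nft -f "$tmp"
}

# Only touch the network and the live ruleset when explicitly asked, so the
# functions above can be sourced and tested offline:
#   sh update-spamhaus.sh update
case "${1:-}" in
    update) update_spamhaus_sets ;;
esac
```

Run it from the systemd timer as `update-spamhaus.sh update`; because `nft -f`
applies the generated file as one transaction, a syntax error anywhere in it
leaves the previous set contents in place.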
Still need to add fail2ban support.