Compare commits
3 Commits
602734acce
...
afffd87201
| Author | SHA1 | Date | |
|---|---|---|---|
|
afffd87201
|
|||
|
d21f3d9371
|
|||
|
a6ef7a1c4e
|
@@ -9,7 +9,6 @@
|
|||||||
mode: "0644"
|
mode: "0644"
|
||||||
notify:
|
notify:
|
||||||
- Restart nftables
|
- Restart nftables
|
||||||
- Restart fail2ban
|
|
||||||
|
|
||||||
- name: Create /etc/nftables extra config directory
|
- name: Create /etc/nftables extra config directory
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
@@ -20,17 +19,14 @@
|
|||||||
|
|
||||||
- name: Copy extra nftables configuration files
|
- name: Copy extra nftables configuration files
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: "{{ item.src }}"
|
src: firehol_level1-ipv4.nft
|
||||||
dest: /etc/nftables/{{ item.src }}
|
dest: /etc/nftables/firehol_level1-ipv4.nft
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
force: "{{ item.force }}"
|
force: false
|
||||||
loop:
|
|
||||||
- { src: firehol_level1-ipv4.nft, force: false }
|
|
||||||
notify:
|
notify:
|
||||||
- Restart nftables
|
- Restart nftables
|
||||||
- Restart fail2ban
|
|
||||||
|
|
||||||
- name: Copy nftables update scripts
|
- name: Copy nftables update scripts
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
@@ -40,27 +36,6 @@
|
|||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
|
|
||||||
- name: Remove deprecated data and scripts
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "{{ item }}"
|
|
||||||
state: absent
|
|
||||||
loop:
|
|
||||||
- /etc/nftables/spamhaus-ipv4.nft
|
|
||||||
- /etc/nftables/spamhaus-ipv6.nft
|
|
||||||
- /etc/nftables/abuseipdb-ipv4.nft
|
|
||||||
- /etc/nftables/abuseipdb-ipv6.nft
|
|
||||||
- /etc/nftables/abusech-ipv4.nft
|
|
||||||
- /usr/local/bin/update-abusech-nftables.sh
|
|
||||||
- /usr/local/bin/update-spamhaus-nftables.sh
|
|
||||||
- /etc/systemd/system/update-abusech-nftables.service
|
|
||||||
- /etc/systemd/system/update-abusech-nftables.timer
|
|
||||||
- /etc/systemd/system/update-spamhaus-nftables.service
|
|
||||||
- /etc/systemd/system/update-spamhaus-nftables.timer
|
|
||||||
- /usr/local/bin/aggregate-cidr-addresses.pl
|
|
||||||
notify:
|
|
||||||
- Restart nftables
|
|
||||||
- Restart fail2ban
|
|
||||||
|
|
||||||
- name: Copy nftables systemd units
|
- name: Copy nftables systemd units
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: "{{ item }}"
|
src: "{{ item }}"
|
||||||
@@ -81,11 +56,9 @@
|
|||||||
|
|
||||||
- name: Start and enable nftables update timers
|
- name: Start and enable nftables update timers
|
||||||
ansible.builtin.systemd_service:
|
ansible.builtin.systemd_service:
|
||||||
name: "{{ item }}"
|
name: update-firehol-nftables.timer
|
||||||
state: started
|
state: started
|
||||||
enabled: true
|
enabled: true
|
||||||
loop:
|
|
||||||
- update-firehol-nftables.timer
|
|
||||||
|
|
||||||
- name: Start and enable nftables
|
- name: Start and enable nftables
|
||||||
ansible.builtin.systemd_service:
|
ansible.builtin.systemd_service:
|
||||||
|
|||||||
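Review bot: Dropping `- Restart fail2ban` from the `notify` lists in the hunks at -9,7 and -20,17 means an nftables restart triggered by these tasks is no longer followed by a fail2ban restart. If the nftables unit reloads by flushing the whole ruleset (not visible on this page), fail2ban's own table and ban sets would be removed with it, and existing bans would stay unenforced until fail2ban is next restarted. If fail2ban is still deployed on these hosts, keep `- Restart fail2ban` after `- Restart nftables`, or have the `Restart nftables` handler notify it; if it has been retired, a one-line comment above the `notify:` key saying so would record why the coupling was removed. The first affected task starts outside its hunk, so its module and target file are not visible here.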