30 lines
610 B
YAML
30 lines
610 B
YAML
- name: ensure nftables is installed
|
|
dnf:
|
|
name: nftables >= 0.8
|
|
state: present
|
|
enablerepo: updates-testing
|
|
tags:
|
|
- install
|
|
|
|
- name: ensure nftables ruleset drop-in directory exists
|
|
file:
|
|
path=/etc/nftables/ruleset.d
|
|
mode=0755
|
|
state=directory
|
|
- name: ensure nftables is configured
|
|
copy:
|
|
src=nftables.conf
|
|
dest=/etc/sysconfig/nftables.conf
|
|
mode=0644
|
|
notify: reload nftables
|
|
|
|
- name: ensure nftables starts at boot
|
|
service:
|
|
name=nftables
|
|
enabled=yes
|
|
- meta: flush_handlers
|
|
- name: ensure nftables is running
|
|
service:
|
|
name=nftables
|
|
state=started
|