[nftables] Install and enable nftables on routers

2020-08-19 17:49:07 +02:00 · 2020-08-19 17:49:07 +02:00 · b76d538ad6
parent 68ce662296
commit b76d538ad6
2 changed files with 18 additions and 2 deletions
--- a/plays/firewall.yml
+++ b/plays/firewall.yml
@ -4,13 +4,14 @@
 - hosts: crans_routeurs
  roles:
    - sysctl-forwarding
+    - nftables

 - hosts: routeur-sam.adm.crans.org
  roles:
    - arp-proxy

 # Deploy firewall
- hosts: crans_routeurs,gulp.adm.crans.org
+- hosts: crans_routeurs
  vars:
    re2o:
      server: re2o.adm.crans.org
@ -20,7 +21,7 @@
    - firewall

 # Deploy BGP server configuration on IPv4 routers
- hosts: crans_routeurs,gulp.adm.crans.org
+- hosts: crans_routeurs
  vars:
    zebra:
      password: "{{ vault_zebra_password }}"
--- a/roles/nftables/tasks/main.yml
+++ b/roles/nftables/tasks/main.yml
@ -0,0 +1,15 @@
+---
+- name: Install nftables
+  apt:
+    name: nftables
+    state: present
+    update_cache: true
+  register: apt_result
+  retries: 3
+  until: apt_result is succeeded
+
+- name: Enable and start nftables
+  systemd:
+    name: nftables
+    enabled: true
+    state: started