feat(security): added nftables firewall

2023-12-12 00:00:00 +00:00 · 2023-12-12 00:00:00 +00:00 · 639b01c351
commit 639b01c351
parent 7e617bc471
9 changed files with 211 additions and 0 deletions
--- a/collections/ansible_collections/nullified/infrastructure/roles/security/defaults/main.yml
+++ b/collections/ansible_collections/nullified/infrastructure/roles/security/defaults/main.yml
@ -5,6 +5,29 @@ security:
    https_ignore_list: []
  clamav:
    version: 1.2.1
+  firewall:
+    enable: true
+    nat:
+      policy:
+        prerouting: accept
+        input: accept
+        postrouting: accept
+        output: accept
+      additional_rules: ""
+    mangle:
+      drop_privatenets: true
+      policy:
+        prerouting: accept
+        postrouting: accept
+        output: accept
+        forward: drop
+      additional_rules: ""
+    filter:
+      policy:
+        input: drop
+        output: drop
+        forward: drop
+      additional_rules: ""

 custom_security: {}
 recursive_combine: true