30 lines
860 B
YAML
30 lines
860 B
YAML
---
|
|
- name: Install nftables
|
|
ansible.builtin.apt:
|
|
pkg: nftables
|
|
state: present
|
|
|
|
- name: Install SCE port mapping rules
|
|
ansible.builtin.template:
|
|
src: nft.conf.j2
|
|
dest: /etc/{{ firewall_nft_table_filename }}.conf
|
|
mode: "0755"
|
|
validate: /usr/sbin/nft -cf %s
|
|
notify: Reload port mapping service
|
|
|
|
- name: Install SCE port mapping systemd service
|
|
ansible.builtin.template:
|
|
src: nft.service.j2
|
|
dest: /etc/systemd/system/{{ firewall_nft_table_filename }}.service
|
|
mode: "0644"
|
|
notify: Reload systemd daemon
|
|
|
|
# Must be placed here to ensure proper ordering of events
|
|
- name: Flush handlers
|
|
ansible.builtin.meta: flush_handlers
|
|
|
|
- name: Ensure nft SCE port mapping service is started and enabled
|
|
ansible.builtin.systemd_service:
|
|
name: "{{ firewall_nft_table_filename }}.service"
|
|
state: started
|
|
enabled: true
|