change iptables to nftables

2023-10-26 14:16:21 +02:00 · 2023-10-26 14:16:21 +02:00 · f2b6b61840
parent 13eb16ac17
commit f2b6b61840
3 changed files with 21 additions and 15 deletions
--- a/roles/config-fail2ban/handlers/main.yaml
+++ b/roles/config-fail2ban/handlers/main.yaml
@ -1,5 +1,10 @@
 # restart fail2ban service to apply changes
- name: Restart fail2ban
+- name: restart fail2ban
  service:
    name: "{{ fail2ban_daemon }}"
+    state: restarted
+# restart nftables service
+- name: restart nftables
+  service:
+    name: "{{ nftables_daemon }}"
    state: restarted
--- a/roles/config-fail2ban/tasks/main.yaml
+++ b/roles/config-fail2ban/tasks/main.yaml
@ -5,18 +5,17 @@
 #++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 # comprobe if fail2ban is installed if not then install fail2ban
 # Gather the package facts
- name: Gather the package facts
-  package_facts:
-    manager: auto
+#- name: Gather the package facts
+#  package_facts:
+#    manager: auto
 #++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-
 #++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 # install packages if is not in the system
- name: install fail2ban package if is not in the system
-  apt:
-    name: fail2ban
-    state: present
-  when: "'fail2ban' not in ansible_facts.packages"
+#- name: install fail2ban package if is not in the system
+#  apt:
+#    name: fail2ban
+#    state: present
+#  when: "'fail2ban' not in ansible_facts.packages"
 #++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 #++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
@ -30,11 +29,12 @@
    group: root
    mode: '0644'
    backup: true
-  notify: Restart fail2ban
+  notify: restart fail2ban
 #++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-# service should start on boot.
- name: service should start on boot
+# service nftables should start on boot.
+- name: service nftables should start on boot
  service:
-    name: "{{ fail2ban_daemon }}"
+    name: "{{ nftables_daemon }}"
    enabled: yes
+  notify: restart nftables
 #++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
--- a/roles/config-fail2ban/vars/main.yaml
+++ b/roles/config-fail2ban/vars/main.yaml
@ -1,3 +1,4 @@
 # vars file
 path_jail_local: /etc/fail2ban/jail.local
-fail2ban_daemon: fail2ban
+fail2ban_daemon: fail2ban
+nftables_daemon: nftables