Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/o-x-l/ansible-collection-nftables

Ansible modules to manage NFTables via libnftables
https://github.com/o-x-l/ansible-collection-nftables

ansible ansible-collection ansible-modules automation firewall firewall-management iac infrastructure-as-code linux network network-as-code nftable nftables nftables-rules

Last synced: about 14 hours ago
JSON representation

Ansible modules to manage NFTables via libnftables

Awesome Lists containing this project

README 

        
# Ansible Collection - ansibleguy.nftables



[![Ansible Galaxy](https://badges.ansibleguy.net/galaxy.badge.svg)](https://galaxy.ansible.com/ui/repo/published/ansibleguy/nftables)



[![Lint](https://github.com/ansibleguy/collection_nftables/actions/workflows/lint.yml/badge.svg)](https://github.com/ansibleguy/collection_nftables/actions/workflows/lint.yml)

[![Unit Tests](https://github.com/ansibleguy/collection_nftables/actions/workflows/test.yml/badge.svg)](https://github.com/ansibleguy/collection_nftables/actions/workflows/test.yml)



**Functional Tests**: 



* Status: [![Functional Test Status](https://badges.ansibleguy.net/nftables.collection.test.svg)](https://github.com/ansibleguy/collection_nftables/blob/latest/scripts/test.sh) |

[![Functional-Tests](https://github.com/ansibleguy/collection_nftables/actions/workflows/functional_test_result.yml/badge.svg)](https://github.com/ansibleguy/collection_nftables/actions/workflows/functional_test_result.yml)

* Logs: [API](https://ci.ansibleguy.net/api/job/ansible-test-collection-nftables/logs?token=2b7bba30-9a37-4b57-be8a-99e23016ce70&lines=1000) |

[Daily Archive](https://github.com/ansibleguy/collection_nftables/actions/workflows/functional_test_result.yml) |

[Short](https://badges.ansibleguy.net/log/collection_nftables_test_short.log) | [Full](https://badges.ansibleguy.net/log/collection_nftables_test.log)



Internal CI: [Tester Role](https://github.com/ansibleguy/_meta_cicd) | [Jobs API](https://github.com/O-X-L/github-self-hosted-jobs-systemd)



----



## Usage



See: [Docs](https://nftables.ansibleguy.net)



[![Docs Uptime](https://status.oxl.at/api/v1/endpoints/4--ansibleguy_ansible-collection---nftables-documentation/uptimes/7d/badge.svg)](https://status.oxl.at/endpoints/4--ansibleguy_ansible-collection---nftables-documentation)



[Alternative Link](https://nftables-ansible.readthedocs.io/)



You want a simple Ansible GUI? Check-out my [Ansible WebUI](https://github.com/ansibleguy/webui)



----



## Contribute



Feel free to contribute to this project using [pull-requests](https://github.com/ansibleguy/collection_nftables/pulls), [issues](https://github.com/ansibleguy/collection_nftables/issues) and [discussions](https://github.com/ansibleguy/collection_nftables/discussions)!



See also: [Contributing](https://github.com/ansibleguy/collection_nftables/blob/latest/CONTRIBUTING.md)



----



## Modules



not implemented => development => [testing](https://github.com/ansibleguy/collection_nftables/blob/latest/tests) => unstable (_practical testing_) => stable



| Function            | Module                       | Usage                                                                                                                                                                                | State           |

|:--------------------|:-----------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:----------------|

| **Listing**         | ansibleguy.nftables.list     | [Docs](https://nftables.ansibleguy.net/modules/list.html)                                                                                                                  | testing     |

| **Rules**           | ansibleguy.nftables.rule     | [Docs](https://nftables.ansibleguy.net/modules/rule.html), [NFTables Docs](https://wiki.nftables.org/wiki-nftables/index.php/Quick_reference-nftables_in_10_minutes#Rules) | development     |

| **1-to-1 Rules**    | ansibleguy.nftables.rule_raw | [Docs](https://nftables.ansibleguy.net/modules/rule.html), [NFTables Docs](https://wiki.nftables.org/wiki-nftables/index.php/Quick_reference-nftables_in_10_minutes#Rules) | testing         |

| **Chains**          | ansibleguy.nftables.chain    | [Docs](https://nftables.ansibleguy.net/modules/chain.html), [NFTables Docs](https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains)                          | testing |

| **Tables**          | ansibleguy.nftables.table    | [Docs](https://nftables.ansibleguy.net/modules/table.html), [NFTables Docs](https://wiki.nftables.org/wiki-nftables/index.php/Configuring_tables)                          | testing |

| **Variables**       | ansibleguy.nftables.var      | [Docs](https://nftables.ansibleguy.net/modules/var.html), [NFTables Docs](https://wiki.nftables.org/wiki-nftables/index.php/Scripting#Defining_variables)                  | not implemented |

| **Sets**            | ansibleguy.nftables.set      | [Docs](https://nftables.ansibleguy.net/modules/set.html), [NFTables Docs](https://wiki.nftables.org/wiki-nftables/index.php/Sets)                                          | not implemented |

| **Limits**          | ansibleguy.nftables.limit    | [Docs](https://nftables.ansibleguy.net/modules/limit.html), [NFTables Docs](https://wiki.nftables.org/wiki-nftables/index.php/Limits)                                      | not implemented |

| **Counters**        | ansibleguy.nftables.counter  | [Docs](https://nftables.ansibleguy.net/modules/counter.html), [NFTables Docs](https://wiki.nftables.org/wiki-nftables/index.php/Counters)                                  | not implemented |



----



## Requirements



First - install nftables!



For the python library to work the installed NFTables version needs to be >= 0.9.3



```bash

sudo apt install nftables



# check the installed version

sudo apt policy nftables

```



The ansible-modules of this collection use the [python3-nftables module](https://ral-arturo.org/2020/11/22/python-nftables-tutorial.html) to interact with nftables.



You can either install it using your package manager (_apt in the example_) or using pip (_[unofficial version provided by AnsibleGuy](https://github.com/ansibleguy/python3-nftables)_) on the target system.



```bash

# package manager

sudo apt install python3-nftables



# pip => make sure it is installed for the root user or use a virtualenv

sudo pip install ansibleguy-nftables

```



You might want to install it using Ansible:



```yaml

- name: Installing NFTables

  ansible.builtin.package:

    name: ['nftables']  # or ['nftables', 'python3-nftables']



- name: Installing NFTables python-module

  ansible.builtin.pip:

    name: 'ansibleguy-nftables'



- name: Enabling and starting NFTables

  ansible.builtin.service:

    name: 'nftables.service'

    state: started

    enabled: true

```



Then - install the collection itself: (_on the controller_)



```bash

# unstable/latest version:

ansible-galaxy collection install ansibleguy.nftables

## OR

ansible-galaxy collection install git+https://github.com/ansibleguy/collection_nftables.git



# install to specific director for easier development

cd $PLAYBOOK_DIR

ansible-galaxy collection install git+https://github.com/ansibleguy/collection_nftables.git -p ./collections

```