Create role nftables

[gderber]

Needs to do the following:

• [x] Install nftables
• [ ] Configure nftables.conf based on servers hosted
• [ ] Configure fail2ban to use nftables

[gderber]

References:

• https://wiki.nftables.org/wiki-nftables/index.php/Main_Page
• https://home.regit.org/netfilter-en/nftables-quick-howto/
• https://wiki.archlinux.org/index.php/nftables
• https://people.netfilter.org/pablo/nft-tutorial.pdf
• https://wiki.debian.org/nftables
• https://wiki.gentoo.org/wiki/Nftables/Examples
• https://github.com/ipr-cnrs/nftables
• https://github.com/Frzk/ansible-role-nftables
• https://el.newoutlook.it/download/book/Linux-Firewalls-Enhancing-Security-with-nftables-and-Beyond.pdf

[gderber]

Required nftables configuration for Fail2ban. https://wiki.meurisse.org/wiki/Fail2Ban

[gderber]

Does nftables work with a nftables.d/* include? I think so, don't remember, this is a note for later.

The answer is yes.

#!/usr/sbin/nft -f

# include a single file using the default search path
include "ipv4-nat.ruleset"

# include all files ending in *.nft in the default search path
include "*.nft"

# include all files in a given directory using an absolute path
include "/etc/nftables/"

Refs:

• https://wiki.nftables.org/wiki-nftables/index.php/Scripting