ipr-cnrs / nftables

Ansible role to manage Nftables rules and packages.

rules always flushed #64

Open backit opened 2 months ago

backit commented 2 months ago

Every time the rules are flushed. I would like to build my firewall in pieces, let's say:

inventory.ini:

```ini
[servers]
server1
[webserver]
server2
```

playbook.yml:

```yaml
- hosts: servers
  vars:
    myrules1...
  roles:
    - role: ipr-cnrs.nftables

- hosts: webserver
  vars:
    myrules2
  roles:
    - role: ipr-cnrs.nftables
```

My server2 has only webserver rules applied, because it flushes all rules each time. My server2 should have server rules and then add the rules from the webserver group, leaving the server group rules untouched.

Is that already possible?

kravietz commented 2 months ago

@backit Not sure if I understand correctly, but if you use nft_input_group_rules (and the other ..._group_rules) you should be able to achieve exactly that. For each host the role collects rules for all, group and then host, then writes them into a single ruleset and only then loads it into the kernel.
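To make that layering concrete, here is an added Python simulation of the behaviour described in the answer; it is not code from the ipr-cnrs/nftables role. The variable names follow the role's naming pattern (nft_input_default_rules for all hosts, nft_input_group_rules, nft_input_host_rules), but the merge and rendering logic, the chain layout and the sample rules are assumptions constructed for this illustration.

```python
# Added example (not the role's own code): rules defined for all hosts, for
# the host's group and for the host itself are merged into one dictionary,
# ordered by key, and rendered as ONE ruleset. The leading "flush ruleset"
# is then harmless, because everything the host needs is in that single load.
from collections import OrderedDict

# Constructed sample data standing in for defaults / group_vars / host_vars.
nft_input_default_rules = {          # level "all": every host gets these
    "000 state management": [
        "ct state established,related accept",
        "ct state invalid drop",
    ],
    "005 loopback": ["iif lo accept"],
    "050 icmp": ["ip protocol icmp accept"],
}
nft_input_group_rules = {            # e.g. group_vars/servers.yml (constructed)
    "200 ssh": ["tcp dport ssh ct state new accept"],
}
nft_input_host_rules = {             # e.g. host_vars/server2.yml (constructed)
    # Same key as the group rule: the host level narrows it instead of
    # adding a second, looser SSH rule.
    "200 ssh": ["ip saddr 192.0.2.0/24 tcp dport ssh ct state new accept"],
    "210 web": ["tcp dport { http, https } ct state new accept"],
}


def merge_rules(*layers):
    """Combine rule dictionaries in precedence order (all < group < host).

    A later layer replaces an earlier entry with the same key (the same
    semantics as Ansible's `combine` filter); everything else is kept.
    The result is sorted by key so the numeric prefix fixes rule order.
    """
    merged = {}
    for layer in layers:
        merged.update(layer)
    return OrderedDict(sorted(merged.items()))


def render_ruleset(rules, policy="drop"):
    """Render the merged rules as a single nftables input chain.

    `flush ruleset` followed by the full table is applied by nft as one
    transaction, so the kernel never sits in a half-configured state.
    """
    lines = [
        "flush ruleset",
        "table inet filter {",
        "    chain input {",
        f"        type filter hook input priority 0; policy {policy};",
    ]
    for name, rule_list in rules.items():
        lines.append(f"        # {name}")
        lines.extend(f"        {rule}" for rule in rule_list)
    lines += ["    }", "}"]
    return "\n".join(lines) + "\n"


def build_input_ruleset():
    """Assemble the ruleset server2 would receive from the three layers."""
    merged = merge_rules(nft_input_default_rules,
                         nft_input_group_rules,
                         nft_input_host_rules)
    return render_ruleset(merged)


if __name__ == "__main__":
    print(build_input_ruleset())
```

Running it prints one ruleset in which the "all" rules come first, the group SSH rule has been replaced by the stricter host version, and the web rule follows, which is the effect backit was after: the server-level rules survive because they are part of the same file that replaces the flushed one, not a separate load.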