nftables: fix jinja2 indent

Hoang Nguyen 2022-11-14 08:57:36 +07:00
parent 385332e312
commit 583f8ee265
No known key found for this signature in database
GPG Key ID: 813CF484F4993419
1 changed files with 8 additions and 8 deletions


@ -84,32 +84,32 @@ table inet filter {
ip6 saddr @blackhole6 counter drop ip6 saddr @blackhole6 counter drop
# Drop future attempts on opened ports if there are already 3 established connections # Drop future attempts on opened ports if there are already 3 established connections
{% if opened_ports.tcp is sequence and opened_ports.tcp | length > 0 -%} {% if opened_ports.tcp is sequence and opened_ports.tcp | length > 0 %}
tcp dport { {{ opened_ports.tcp | join(', ') }} } ct state new \ tcp dport { {{ opened_ports.tcp | join(', ') }} } ct state new \
add @connlimit { ip saddr ct count over 3 } drop add @connlimit { ip saddr ct count over 3 } drop
tcp dport { {{ opened_ports.tcp | join(', ') }} } ct state new \ tcp dport { {{ opened_ports.tcp | join(', ') }} } ct state new \
add @connlimit6 { ip6 saddr ct count over 3 } drop add @connlimit6 { ip6 saddr ct count over 3 } drop
{% endif -%} {% endif %}
{% if opened_ports.udp is sequence and opened_ports.udp | length > 0 -%} {% if opened_ports.udp is sequence and opened_ports.udp | length > 0 %}
udp dport { {{ opened_ports.udp | join(', ') }} } ct state new \ udp dport { {{ opened_ports.udp | join(', ') }} } ct state new \
add @connlimit { ip saddr ct count over 3 } drop add @connlimit { ip saddr ct count over 3 } drop
udp dport { {{ opened_ports.udp | join(', ') }} } ct state new \ udp dport { {{ opened_ports.udp | join(', ') }} } ct state new \
add @connlimit6 { ip6 saddr ct count over 3 } drop add @connlimit6 { ip6 saddr ct count over 3 } drop
{% endif -%} {% endif %}
# Allow opened ports but also dynamically add them to the blacklist # Allow opened ports but also dynamically add them to the blacklist
{% if opened_ports.tcp is sequence and opened_ports.tcp | length > 0 -%} {% if opened_ports.tcp is sequence and opened_ports.tcp | length > 0 %}
tcp dport { {{ opened_ports.tcp | join(', ') }} } ct state new \ tcp dport { {{ opened_ports.tcp | join(', ') }} } ct state new \
add @blackhole { ip saddr timeout 60s limit rate 10/second } accept add @blackhole { ip saddr timeout 60s limit rate 10/second } accept
tcp dport { {{ opened_ports.tcp | join(', ') }} } ct state new \ tcp dport { {{ opened_ports.tcp | join(', ') }} } ct state new \
add @blackhole6 { ip6 saddr timeout 60s limit rate 10/second } accept add @blackhole6 { ip6 saddr timeout 60s limit rate 10/second } accept
{% endif -%} {% endif %}
{% if opened_ports.udp is sequence and opened_ports.udp | length > 0 -%} {% if opened_ports.udp is sequence and opened_ports.udp | length > 0 %}
udp dport { {{ opened_ports.udp | join(', ') }} } ct state new \ udp dport { {{ opened_ports.udp | join(', ') }} } ct state new \
add @blackhole { ip saddr timeout 60s limit rate 10/second } accept add @blackhole { ip saddr timeout 60s limit rate 10/second } accept
udp dport { {{ opened_ports.udp | join(', ') }} } ct state new \ udp dport { {{ opened_ports.udp | join(', ') }} } ct state new \
add @blackhole6 { ip6 saddr timeout 60s limit rate 10/second } accept add @blackhole6 { ip6 saddr timeout 60s limit rate 10/second } accept
{% endif -%} {% endif %}
} }
chain forward { chain forward {
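Review bot: The `is sequence` test in the four rewritten `{% if %}` guards is also true for a plain string or a mapping, so a value given as `"22"` instead of `[22]` passes the guard and `join(', ')` then emits it character by character, rendering a different port set than the operator intended. I would tighten each guard, e.g. `{% if opened_ports.tcp is not string and opened_ports.tcp is not mapping and opened_ports.tcp is sequence and opened_ports.tcp | length > 0 %}`, with the same change for `opened_ports.udp`. Because dropping the `-` changes the whitespace rendered around the rules that continue with `\`, the rendered file is worth checking with `nft -c -f` before it is loaded. The enclosing chain starts above this hunk, so whether `opened_ports` is validated elsewhere is not visible here.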