Role - tripleo_nftables

Role - tripleo_nftables¶

Role Documentation¶

Welcome to the “tripleo_nftables” role documentation.

Role Defaults¶

This section highlights all of the defaults and variables set within the “tripleo_nftables” role.

# All variables intended for modification should be placed in this file.

# All variables within this role should have a prefix of "tripleo_nftables_"

# Example rule definition
tripleo_nftables_rules:
- rule:
    proto: all
    state:
    - RELATED
    - ESTABLISHED
  rule_name: 000 accept related established rules
- rule:
    ipversion: ipv4
    proto: icmp
  rule_name: 001 accept all icmp
- rule:
    ipversion: ipv6
    proto: ipv6-icmp
  rule_name: 001 accept all ipv6-icmp
- rule:
    interface: lo
    proto: all
  rule_name: 002 accept all to lo interface
- rule:
    destination: fe80::/64
    dport: 546
    ipversion: ipv6
    proto: udp
    state:
    - NEW
  rule_name: 004 accept ipv6 dhcpv6
- rule:
    jump: LOG
    limit: 20/min
    limit_burst: 15
    proto: all
  rule_name: 998 log all
- rule:
    action: drop
    proto: all
  rule_name: 999 drop all

Molecule Scenarios¶

Molecule is being used to test the “tripleo_nftables” role. The following section highlights the drivers in service and provides an example playbook showing how the role is leveraged.

Scenario: default¶

Molecule Inventory¶

hosts:
  all:
    hosts:
      instance:
        ansible_host: localhost

Example default playbook¶

- name: Converge
  hosts: all
  roles:
  - role: tripleo_nftables

this page last updated: 2022-05-11 14:04:42

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.