add nftable support

6dd39b70 · Fanch · 581d803e · 6dd39b70 · 6dd39b70 · 6dd39b70
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -2,3 +2,4 @@

 warn_list:
  - git-latest
+  - risky-file-permissions
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -2,8 +2,9 @@
 - name: Converge
  hosts: all
  vars:
-    iptables_ip_versions: ['ipv4']
-    iptables_services: ['iptables']
+    iptables_ip_versions: ['ipv4', 'ipv6']
+    iptables_services: ['nftables']
+    iptables_packages: ['iptables-nft', 'nftables']
    iptables_open_port_in: [80, 443]
  tasks:
    - name: "Include iptables"

--- a/tasks/install.yml
+++ b/tasks/install.yml
 ---

+- name: Remove Packages iptables Packages
+  ansible.builtin.package:
+    name: iptables
+    state: absent
+    force: true  # as it is a systemd deps
+  when:
+    - '"iptables-nft" in iptables_packages'
+
 - name: Install Packages
  ansible.builtin.package:
    name: "{{ iptables_packages }}"

--- a/tasks/save.yml
+++ b/tasks/save.yml
@@ -19,3 +19,18 @@
    - '"ipv6" in iptables_ip_versions'
    - '"ip6tables" in iptables_services'
  notify: Restart Iptables Services
+
+- name: Get Nftables rules
+  command: 'nft -s list ruleset'
+  register: nft_output
+  when:
+    - '"nftables" in iptables_services'
+  changed_when: false
+
+- name: Save Nftables State
+  copy:
+    content: "{{ nft_output.stdout }}"
+    dest: "/etc/nftables.conf"
+    backup: 'yes'
+  when:
+    - '"nftables" in iptables_services'