rework firewall setup

2023-09-24 20:59:58 +02:00 · 2023-09-24 20:59:58 +02:00 · cd48cf495d
commit cd48cf495d
parent be62c1270f
30 changed files with 145 additions and 122 deletions
--- a/bundles/nftables/items.py
+++ b/bundles/nftables/items.py
@ -15,8 +15,12 @@ directories = {

 files = {
    '/etc/nftables.conf': {
-        'needs': {
-            'directory:/etc/nftables-rules.d',
+        'content_type': 'mako',
+        'context': {
+            'forward': node.metadata.get('nftables/forward', {}),
+            'input': node.metadata.get('nftables/input', {}),
+            'postrouting': node.metadata.get('nftables/postrouting', {}),
+            'prerouting': node.metadata.get('nftables/prerouting', {}),
        },
        'triggers': {
            'svc_systemd:nftables:reload',
@ -32,21 +36,6 @@ files = {
    },
 }

-for ruleset, rules in node.metadata.get('nftables/rules', {}).items():
-    files[f'/etc/nftables-rules.d/{ruleset}'] = {
-        'source': 'rules-template',
-        'content_type': 'mako',
-        'context': {
-            'rules': rules,
-        },
-        'needed_by': {
-            'svc_systemd:nftables',
-        },
-        'triggers': {
-            'svc_systemd:nftables:reload',
-        },
-    }
-
 svc_systemd = {
    'nftables': {
        'needs': {