init

ansible/roles/harden/nftables/tasks/main.yml

@@ -0,0 +1,22 @@
+---
+- name: install nftables
+  ansible.builtin.apt:
+    name: nftables
+    state: present
+    update_cache: true
+  notify: apply nftables
+
+- name: deploy nftables config
+  ansible.builtin.template:
+    src: "{{ nftables_conf_name }}"
+    dest: /etc/nftables.conf
+    owner: root
+    group: root
+    mode: "0644"
+  notify: apply nftables
+
+- name: enable and start nftables service
+  ansible.builtin.systemd:
+    name: nftables
+    enabled: true
+    state: started