nftables: Fix support for raw rules

2025-04-05 19:51:54 +00:00 · 2025-04-05 19:51:54 +00:00 · ededecd167
commit ededecd167
parent 46a15fb9ce
1 changed files with 10 additions and 0 deletions
--- a/roles/nftables/templates/nftables.conf.j2
+++ b/roles/nftables/templates/nftables.conf.j2
@ -8,6 +8,11 @@ table ip filter {
        ct state vmap { established : accept, related : accept }
        ip protocol icmp accept
        iifname lo accept
+{% if firewall_raw is defined %}
+{%   for rule in firewall_raw %}
+        {{ rule }}
+{%   endfor %}
+{% endif %}
 {% for rule in firewall_in %}
 {%   if rule.from is defined %}
 {%     for from in rule.from %}
@ -35,6 +40,11 @@ table ip6 filter {
        type filter hook input priority 0; policy accept
        ct state vmap { established : accept, related : accept }
        ip6 nexthdr icmpv6 accept
+{% if firewall_raw6 is defined %}
+{%   for rule in firewall_raw6 %}
+        {{ rule }}
+{%   endfor %}
+{% endif %}
 {% for rule in firewall_in %}
 {%   if rule.from is defined %}
 {%     for from in rule.from %}