arillso.system.to_nftables_hierarchy filter – Convert hierarchical firewall configs to merged nftables structure
Note
This filter plugin is part of the arillso.system collection (version 1.0.5).
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install arillso.system.
To use it in a playbook, specify: arillso.system.to_nftables_hierarchy.
New in arillso.system 1.0.0
Synopsis
Converts multi-level firewall configurations to a single merged nftables structure.
Priority order, listed from lowest to highest (highest wins): firewall (base) → firewall_global → firewall_group → firewall_host
Later configurations completely override earlier ones if they have content.
Used by the arillso.system.firewall role for multi-level firewall configuration.
Keyword parameters
This describes keyword parameters of the filter. These are the values key1=value1, key2=value2 and so on in the following
example: input | arillso.system.to_nftables_hierarchy(key1=value1, key2=value2, ...)
| Parameter | Comments |
|---|---|
| | Enable debug output for troubleshooting. Choices: |
| | Dictionary containing firewall configuration levels. Keys are ‘firewall’, ‘firewall_global’, ‘firewall_group’, ‘firewall_host’. Each value is a list of nftables table configurations. |
See Also
- arillso.system.to_nftables_rule filter plugin
Convert YAML rule to nftables syntax
- arillso.system.to_nftables_ports filter plugin
Format port list for nftables syntax
Examples
```yaml
# Apply hierarchical override
- set_fact:
    final_firewall: "{{ {
      'firewall': firewall | default([]),
      'firewall_global': firewall_global | default([]),
      'firewall_group': firewall_group | default([]),
      'firewall_host': firewall_host | default([])
      } | arillso.system.to_nftables_hierarchy }}"

# With debug enabled
- set_fact:
    final_firewall: "{{ firewall_configs | arillso.system.to_nftables_hierarchy(debug=true) }}"
```
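The override rule in the Synopsis means a level with content replaces everything below it, so a host-level entry can drop base-level tables from the result. The Python sketch below is an added example, not the collection's code: it models that rule as whole-level replacement and reports which lower-level tables would no longer appear. It assumes each table configuration is a dictionary with a `name` key, since the page does not show the table schema.

```python
# Added example: a model of the override rule in the Synopsis, not the plugin's code.
# Assumption: each table configuration is a dict with a "name" key.
LEVELS = ("firewall", "firewall_global", "firewall_group", "firewall_host")  # low -> high


def effective_level(configs):
    """Return the highest-priority level that has content, or None."""
    winner = None
    for level in LEVELS:
        if configs.get(level):  # a missing key or an empty list has no content
            winner = level
    return winner


def shadowed_tables(configs):
    """Map each overridden level to its table names absent from the winning level."""
    winner = effective_level(configs)
    if winner is None:
        return {}
    kept = {table.get("name") for table in configs[winner]}
    report = {}
    for level in LEVELS[: LEVELS.index(winner)]:
        lost = [t.get("name") for t in configs.get(level) or []
                if t.get("name") not in kept]
        if lost:
            report[level] = lost
    return report


def unknown_levels(configs):
    """Return keys that are not one of the four documented levels (likely typos)."""
    return sorted(key for key in configs if key not in LEVELS)


# Constructed sample input: a host-level table overrides the base tables.
SAMPLE = {
    "firewall": [{"name": "filter"}, {"name": "nat"}],
    "firewall_global": [],
    "firewall_group": [{"name": "filter"}],
    "firewall_host": [{"name": "mgmt"}],
}

if __name__ == "__main__":
    print("effective level:", effective_level(SAMPLE))
    print("shadowed tables:", shadowed_tables(SAMPLE))
    print("unknown keys:", unknown_levels(SAMPLE))
```

Running the same check against host variables before a deploy shows whether a host-level entry would leave out tables, such as a base filter table, that the lower levels define.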
Return Value
| Key | Description |
|---|---|
| | Merged and validated nftables configuration structure. Returned: success |