disabled bash-completion by default, fix for log-prefix

ansibleguy · Oct 10, 2023 · 089d890 · 089d890
1 parent 47602f2
commit 089d890
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -52,7 +52,7 @@ nftables:
   #   sets: true
   #   nat: true
   #   deb11_backport: false  # use debian11 backports repository to install newer version on debian 10
-  #   bash_completion: true
+  #   bash_completion: false
 
   _defaults:  # defaults inherited by all tables and chains
     table:
@@ -210,10 +210,10 @@ ansible-playbook -K -D -i inventory/hosts.yml playbook.yml -e debug=yes
 
   * **Default opt-ins**:
     * Purging of unmanaged config-files stored in '/etc/nftables.d/'
-    * Adding [bash-completion script](https://patchwork.ozlabs.org/project/netfilter-devel/patch/[email protected]/) for the 'nft' command
 
   * **Default opt-outs**:
     * Installing NFTables from Debian 11 backports when running on Debian 10 (_newer version_)
+    * Adding [bash-completion script](https://patchwork.ozlabs.org/project/netfilter-devel/patch/[email protected]/) for the 'nft' command
 
 ----
 

diff --git a/defaults/main/0_hardcoded.yml b/defaults/main/0_hardcoded.yml
@@ -122,6 +122,6 @@ NFT_HC:
 
       # add generic drop logging to any rule that drops packages
       drop_log: true
-      drop_log_prefix: 'DROP'
+      drop_log_prefix: "{{ NFT_CONFIG.log_drop_prefix }}"
 
       raw_key: ['raw', 'r']
diff --git a/defaults/main/1_main.yml b/defaults/main/1_main.yml
@@ -8,7 +8,7 @@ defaults_nftables:
     sets: true
     nat: true
     deb11_backport: false
-    bash_completion: true
+    bash_completion: false
 
   _defaults:
     table: {}
@@ -23,6 +23,7 @@ defaults_nftables:
   vars: {}  # vars shared by all tables
   purge_orphaned: true  # purge all unmanaged files from /etc/nftables.d/
 
+  log_drop_prefix: 'NFTables DROP'
   log_group: ''  # set to '0' for container workaround => send logs to local ulogd2 daemon
   ext: 'nft'  # extension used for nftables config-files
 

diff --git a/templates/etc/nftables.d/table.nft.j2 b/templates/etc/nftables.d/table.nft.j2
@@ -28,7 +28,7 @@ table {{ nft_table.type }} {{ nft_table_name }} {
     counter comment "COUNT {{ nft_table_name }}-{{ chain_name }}{% if chain_main %}-{{ chain.policy }}{% endif %}"
 {%   endif %}
 {%   if chain_main and chain.log.drop and chain.policy == 'drop' %}
-    log prefix "DROP {{ nft_table_name }}-{% if chain.log.prefix %}{{ chain.log.prefix }}{% else %}{{ chain_name }}{% endif %} "
+    log prefix "{{ NFT_CONFIG.log_drop_prefix }} {{ nft_table_name }}-{% if chain.log.prefix %}{{ chain.log.prefix }}{% else %}{{ chain_name }}{% endif %} "
 {%   endif %}
   }