From e915a7ae5ddeebf4308c40d7c9644c709f8ed0fa Mon Sep 17 00:00:00 2001 From: Mark Bolwell Date: Mon, 9 Sep 2024 12:36:58 +0100 Subject: [PATCH] added missing variable Signed-off-by: Mark Bolwell --- defaults/main.yml | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index a246b27..9f64850 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -733,16 +733,21 @@ rhel9cis_firewall: firewalld rhel9cis_default_zone: public ## Controls 4.3.x nftables -# This variable stores the name of the table to be used when configuring nftables(creating chains, configuring loopback -# traffic, established connections, default deny). If 'rhel9cis_nft_tables_autonewtable' is set as true, a new table will -# be created using as name the value stored by this variable. -rhel9cis_nft_tables_tablename: filter -## Ensure nftables base chains exist + +## 4.3.1 Ensure nftables base chains exist # This variable governs if a nftables base chain(entry point for packets from the networking stack) will be automatically # created, if needed. Without a chain, a hook for input, forward, and delete, packets that would flow through those # chains will not be touched by nftables. rhel9cis_nft_tables_autochaincreate: true +## 4.3.2 Create tables if required +rhel9cis_nft_tables_autonewtable: true +# This variable stores the name of the table to be used when configuring nftables(creating chains, configuring loopback +# traffic, established connections, default deny). If 'rhel9cis_nft_tables_autonewtable' is set as true, a new table will +# be created using as name the value stored by this variable. +rhel9cis_nft_tables_tablename: filter + + ## Section5 vars ## Section 5.1 - SSH
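Review bot: The added `rhel9cis_nft_tables_autonewtable: true` under `## 4.3.2 Create tables if required` is the only variable in this hunk with no descriptive comment. The relocated table-name comment now sits below it, so a reader has to infer what the toggle does from the description of `rhel9cis_nft_tables_tablename`. Because the default is `true`, the role will by its own description create a new table (named `filter` by default) on the host, and an operator applying this to a machine with an existing ruleset should be able to see that at the point of definition. I would add directly above the variable `# When true, a new nftables table named by 'rhel9cis_nft_tables_tablename' is created by the role.` and `# Set to false if the table is managed outside this role; the 4.3.x tasks then expect it to exist already.` How the tasks behave when the table is already present, or when the toggle is false, is not visible in this patch, so the second line should be checked against the task file before it is merged.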