From c3f1866b75bc782a1f55a427379274871217157c Mon Sep 17 00:00:00 2001
From: Patrick Spek <p.spek@tyil.nl>
Date: Tue, 27 Feb 2024 09:43:04 +0100
Subject: Add interface-wide policies for fw-nftables

---
 playbooks.d/fw-nftables/playbook.bash | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'playbooks.d')

diff --git a/playbooks.d/fw-nftables/playbook.bash b/playbooks.d/fw-nftables/playbook.bash
index 748c177..927e414 100644
--- a/playbooks.d/fw-nftables/playbook.bash
+++ b/playbooks.d/fw-nftables/playbook.bash
@@ -27,6 +27,14 @@ playbook_sync() {
 		printf "\t\tct state invalid %s;\n" \
 			"$(config "$BASHTARD_PLAYBOOK.input.state.invalid.policy" "drop")"
 
+		# Add interface rules
+		printf "\n"
+		while read -r interface
+		do
+			info "$BASHTARD_PLAYBOOK/sync" "Adding input filter for interface $interface"
+			printf "\t\tiifname %s %s;\n" "$interface" "$(config "$BASHTARD_PLAYBOOK.input.interfaces.$interface.policy")"
+		done < <(config_subkeys "$BASHTARD_PLAYBOOK.input.interfaces")
+
 		# Add ICMP rules
 		info "$BASHTARD_PLAYBOOK/sync" "Adding input filter for ICMP"
 		printf "\n"
-- 
cgit v1.1