bump version; add nebula_firewall_block_action

README.md

@@ -25,6 +25,8 @@ You can read more about Nebula [on the official repo](https://github.com/slackhq
     nebula_lighthouse_public_hostname: lighthouse.company.com
     nebula_lighthouse_public_port: 4242
 
+    nebula_firewall_drop_action: reject
+
     nebula_inbound_rules:
       - { port: "any", proto: "icmp", host: "any" }
       - { port: 22, proto: "tcp", host: "any" }

defaults/main.yml

@@ -1,4 +1,4 @@
-nebula_version: 1.6.1
+nebula_version: 1.7.1
 nebula_network_name: "My Nebula Mesh Network"
 nebula_network_cidr: 24
 nebula_ca_cert_duration: "87600h0m0s" #10 years
@@ -15,6 +15,8 @@ nebula_lighthouse_public_hostname: my-nebula-server.com
 nebula_lighthouse_public_port: 4242
 nebula_lighthouse_extra_config: {}
 
+nebula_firewall_block_action: drop
+
 nebula_inbound_rules:
   - { port: "any", proto: "any", host: "any" }
 nebula_outbound_rules:

templates/lighthouse_config.yml.j2

@@ -74,6 +74,8 @@ logging:
 # one node from another.
 #
 firewall:
+  outbound_action: {{ nebula_firewall_block_action | default('drop') }}
+  inbound_action: {{ nebula_firewall_block_action | default('drop') }}
   conntrack:
     tcp_timeout: 120h
     udp_timeout: 3m

templates/node_config.yml.j2

@@ -71,6 +71,8 @@ logging:
 # one node from another.
 #
 firewall:
+  outbound_action: {{ nebula_firewall_block_action | default('drop') }}
+  inbound_action: {{ nebula_firewall_block_action | default('drop') }}
   conntrack:
     tcp_timeout: 120h
     udp_timeout: 3m