Manage nat rules for the inet family instead of the ip family. #16

Open. Wants to merge 3 commits into base: master.

Conversation

FinweVI

@FinweVI FinweVI commented Apr 23, 2021

In some cases, you also need the nat table for ipv6 rules.

@FinweVI
Author

FinweVI commented Apr 23, 2021

Just added a commit to manage F2B "the systemd way".

@p-rintz
Contributor

p-rintz commented Apr 26, 2021

Just as a note:
This would mean that the role only works for Linux Kernels >=5.2, as before that the inet family could not be used for NAT.

@gardouille gardouille self-assigned this Jul 30, 2021
@gardouille
Collaborator

Ok, after… pfiiuu "few" months… !

Several things in this PR. I will try to merge some points with the recent PR #19 (at least: fail2ban, systemd target, systemd unit for nftables).

@gardouille gardouille mentioned this pull request Jul 31, 2021
@gardouille
Collaborator

ip to inet family requires a deeper look…

Everything else will be managed in PR #20.

For extra info:

  • I kept the Protect* systemd options because I need them in some environments (LXC, …).
  • I kept "nftables reload" because if I use "nftables restart" instead with a bad rule syntax, it will erase all rules (even with Debian Bullseye).
  • I also kept nftables systemd unit generation to have the same unit on all my hosts (Stretch -> Bullseye). I hope to be able to drop it when I finally drop Debian Stretch 🤞

If it's ok for you, we can discuss those points in PR #20.

-> Many thanks for pointing me to the override.conf file for Fail2ban!
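The two points raised in this thread, a nat table in the inet family (which, as noted above, the kernel only accepts from Linux 5.2 onward) and validating a ruleset before reloading so that a bad rule cannot leave the host with an empty ruleset, shown together as an added example. This is not code from the PR or from the role's own templates; the interface name `eth0`, the IPv4 subnet `192.168.1.0/24` and the IPv6 prefix `fd00::/64` are assumptions chosen for illustration.

```nft
#!/usr/sbin/nft -f
# Added example, not part of the PR. A single nat table in the inet family
# serves both IPv4 and IPv6 rules; NAT in the inet family needs Linux >= 5.2.
flush ruleset

table inet nat {
    chain prerouting {
        # -100 is the conventional dstnat priority.
        type nat hook prerouting priority -100; policy accept;
    }
    chain postrouting {
        # 100 is the conventional srcnat priority.
        type nat hook postrouting priority 100; policy accept;
        # Assumed interface and address ranges (illustration only).
        oifname "eth0" ip saddr 192.168.1.0/24 masquerade
        oifname "eth0" ip6 saddr fd00::/64 masquerade
    }
}
```

Before applying a changed file, `nft -c -f /etc/nftables.conf` (`-c`/`--check`) parses and validates it without committing anything, so a syntax error is caught while the previous ruleset is still loaded; only then run `systemctl reload nftables`. This is the safety margin the thread describes: a reload that fails leaves the old rules in place, whereas a restart first flushes the ruleset and then fails to load the new one.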

@kravietz
Collaborator

kravietz commented Aug 9, 2021

@gardouille This change can be tested with Molecule in all the supported distributions. I don't think anything will break as I've been using inet for everything myself for a long time, but still worth testing for any kind of implied assumptions about ip table.

4 participants