only block traffic on external interfaces

linux/nftables/defaults/main.yml

@@ -1,5 +1,5 @@
-nftables_whitelisted_interfaces:
-  - lo
+nftables_external_interfaces:
+  - ens3
 nftables_tcp_in:
   - 22
   - 80

linux/nftables/templates/nftables.conf

@@ -31,9 +31,13 @@ table inet firewall {
         # Allow traffic from established and related packets, drop invalid
         ct state vmap { established : accept, related : accept, invalid : drop } 
 
-        {% for interface in nftables_whitelisted_interfaces %}
+        {% if nftables_external_interfaces is defined %}
+        {% for interface in ansible_interfaces %}
+        {% if interface not in nftables_blacklisted_interfaces %}
         iifname {{ interface }} accept
+        {% endif %}
         {% endfor %}
+        {% endif %}
 
         # Jump to chain according to layer 3 protocol using a verdict map
         meta protocol vmap { ip : jump inbound_ipv4, ip6 : jump inbound_ipv6 }