puppet nftables

2020-11-13

14:21 Révision 317b8d01: Merge pull request #3 from cernops/ai5973

Add support for named sets keachi

09:57 Révision 20b96360: Add support for named sets

Nacho Barrientos

09:55 Révision e4c32222: Use concat for table conf generation

This way other components of the module will be able to add extra stuff
to the table definitions like sets. Nacho Barrientos

2020-11-05

16:43 Révision 18ec6f48: Fix rulenames which includes an index

The rulename has a regex pattern `[/^[a-zA-Z0-9_]+-[a-zA-Z0-9_]+(-\d+)?$/]`
which allows an index at the end of the r... tr

16:37 Révision e5eb7424: Allow to specify prometheus source addresses

tr

2020-10-28

15:53 Révision e73f2e97: Fix rule node exporter

tr

15:50 Révision 8227cb1c: Manage rule in dns

tr

15:47 Révision cb50fd79: Add rule in node_exporter

tr

14:50 Révision e105f149: Include table ip6 nat

tr

14:40 Révision 248ef9d5: Add basic ip6 nat chains

tr

2020-10-27

02:22 Révision 579e27df: Fix the regex for bridge names

tr

02:22 Révision 2c00d766: Replace dashes with underlines

Docker daemon bridges contains dashes, replace them with underlines to
fit the naming concept. tr

2020-10-26

02:15 Révision 66ed7f61: migrate create_resource to the generic loop over hash approach

create_resource is notorious for not providing exact line/file info
when something fails. Since in puppet you can now... mh

2020-10-25

10:05 Révision 66b1a7a9: Allow ICMPv6 Router Advertisment packets

tr

2020-10-24

06:02 Révision fd0eaeca: Add class bridges

Allow traffic from any bridge to itself by default tr

2020-10-23

13:47 Révision c1224db5: Move filter rules to inet_filter class

tr

13:46 Révision b3a7a6dd: Allow to inject custom rules

tr

13:19 Révision 0f63a915: Git ignore .ruby-version

tr

05:55 Révision 8726ba4c: Switch back to Ruby 2.5

```
can't modify frozen String: "true"
```
[Ticket IAC-1146](https://tickets.puppetlabs.com/browse/IAC-1146) tr

2020-10-20

12:55 Révision b171ac7f: fix offenses

mh

11:36 Révision 9511e610: Merge pull request #1 from traylenator/all

New parameter out_all, default false duritong

08:29 Révision e17693e3: New parameter out_all, default false

In order to allow all outbound traffic a parameter is
added to enable a simple `allow` entry on the out chain.
Defau... Steve Traylen

2020-10-16

11:17 Révision 3f91610b: Merge branch 'pdk' into 'master'

Add a PDK configuration and run PDK convert
See merge request immerda/puppet-modules/nftables!1 tr

11:14 Révision 9d7d63a6: Only test with Ruby 2.7 and Puppet 6

tr

10:29 Révision 01d8a819: Styling to make tests green

tr

09:52 Révision 705bb26f: Add travis ci configuration

tr

2020-10-15

17:44 Révision ece9be27: Do PDK convert

tr

2020-10-14

12:23 Révision a074dec2: Allow index numbers

tr

12:15 Révision 25205881: Fix rule puppet out

tr

2020-10-13

14:24 Révision 4db4422a: Add http and https

tr

2020-10-11

06:52 Révision 44ac0a4e: add license file

mh

2020-08-31

06:51 Révision a6316327: Use enum instead of pattern for proto

tr

06:13 Révision 3d29a6eb: Add a rule to create snat

tr

06:12 Révision a0d5c724: Test masquerade default proto

tr

05:38 Révision 2a3b45ec: Add a define for masquerading

tr

05:01 Révision a5205d2f: Extract the dnat spec tests

tr

2020-08-30

11:08 Révision 7cc88e25: Linting

tr

11:04 Révision ba5e15bd: Add rules for OSPF

tr

10:49 Révision 351a88fb: Add a define for ipv4 dnat

tr

09:15 Révision af544fea: Create a special ingoing chain for all ingoing fwd rules

tr

08:47 Révision 9adf6851: Add mld-listener-done to the list of allowed icmpv6 types

tr

08:46 Révision b01596ea: Rename file filter to inet-filter

tr

07:18 Révision f02562f2: Stop and mask firewalld service

tr

07:09 Révision 2e704fc9: add new rules

mh

07:07 Révision 8f5d09ec: Linting

tr

07:07 Révision 9ae64df9: Add spec tests for a DNAT

tr

07:07 Révision 95b1259b: Add spec tests for ip nat prerouting

tr

07:07 Révision d78c1613: Add spec tests for router functionality

tr

07:07 Révision 605d5fde: Add spec tests for ip nat chain policies

tr

06:31 Révision c02d1b07: add a few more rules

mh

06:17 Révision c8092701: Split init class

tr

06:09 Révision c8894978: Use default

tr

06:09 Révision c8e93806: Fix nat hooks

tr

06:09 Révision 5bd849ba: Rename to snake cases

tr

06:04 Révision 7940fb07: Adapt readme to the refactoring

tr

05:45 Révision 38a67c59: Rewrite ip-nat to concat

tr

05:44 Révision 422b6851: Add spec tests for ip-nat

tr

05:43 Révision 6f38efff: Rename spec filter to inet-filter

tr

05:24 Révision 5df9303f: Replace filter with inet-filter

tr

2020-08-29

19:05 Révision 8efbdf9a: Refactoring

tr

14:31 Révision e89da898: Linting

tr

14:14 Révision f34dae00: Spec tests for default rules

tr

13:52 Révision 3ccc62ae: Add spec tests for default chains

tr

13:25 Révision be6aa569: Add spec tests for filter chains

tr

13:24 Révision a04bdb5e: Add a newline to filter chains

tr

13:01 Révision f6848bb8: Explicitly set ensure file

tr

12:38 Révision 5d3f76a0: Disable some rubocop checks for spec files

tr

12:06 Révision 5acb554a: Write some spec tests for init class

tr

11:21 Révision 73ef24d3: Drop Puppet 5 support

tr

11:17 Révision feff733b: Add a Gitlab CI pipeline

tr

11:17 Révision 64134e4e: Add spec tests it should compile

tr

11:17 Révision 186a64ca: Add gemfile and rakefile for Puppet lint and spec

tr

11:16 Révision 321ae8ab: Add Puppet module basic files

tr

11:15 Révision ecb63cef: Add dependencies

tr

10:46 Révision e140adff: Linting

tr

10:40 Révision 050f1005: Git ignore Puppet module stuff

tr

10:14 Révision 5933ab8e: Set NAT only for IPv4

tr

10:05 Révision a6064b9f: Remove whitespaces

tr

10:00 Révision 15aaf3c5: Allow only specific icmp types

* Rate limit the echo-requests
* Allow icmp types (w/o rate limit) which are protocol relevant tr

09:39 Révision d4de1bfe: Allow to set a list of dns servers

tr

09:26 Révision a98c98d4: Add in/out rules for Tor

tr

09:25 Révision 40b19655: Add a in rule for icinga2

tr

09:24 Révision df2679aa: Add in rule for puppet

tr

09:23 Révision ca24c673: Add in/out rules for wireguard

tr

09:20 Révision 223f3c54: Add a rule for dhcpc

tr

09:14 Révision 188e569f: Remove out rule ntp

Duplicate to chrony, but chrony allows every sport (which is required by
chrony). tr

09:12 Révision ee1cf60a: add outgoing puppet

mh

08:55 Révision cd664666: Allow http by default

CentOS mirrors are only available over http. tr

08:28 Révision be0b08e1: Apply a base firewall

Allow all services to install updates and manage the node. tr

08:28 Révision 0c850704: Add a class for outgoing ntp

tr

08:28 Révision c5ff0cc5: Add a class for outgoing https

tr

08:28 Révision 9da28f8c: Add a class for outgoing dns

tr

08:21 Révision a534e044: fix naming

mh

05:50 Révision 0ba57c66: initial release

mh