Activité - puppet nftables - Koumbit's Redmine

Activité

Du 2020-08-23 au 2020-11-20

2020-11-20

10:52 Révision def3893c: Merge pull request #15 from traylenator/fixtests: Correct bad merge keachi
03:52 Révision 8b97e6a3: Correct bad merge: There was a bad merge between
* https://github.com/duritong/puppet-nftables/pull/13
* https://github.com/duritong/pu... Steve Traylen

2020-11-19

15:56 Révision a5f5fb12: Merge pull request #13 from traylenator/comment: Add comments for all the nftable::rules entries duritong
15:53 Révision 21d0496e: Merge pull request #14 from cernops/ct_away: Move conntrack rules from global to INPUT and OUTPUT duritong
15:11 Révision 7b14f6d9: Merge pull request #6 from traylenator/afs: Add rules for afs3_callback in and out rules for kerberos and openafs. keachi
10:15 Révision ea96d5db: Move ct rules from global to INPUT and OUTPUT: Nacho Barrientos
09:19 Révision 61f03b47: Switch $order$fragmenta/b to $order-$fragment-a/b: Steve Traylen
08:31 Révision e53053ce: Add comments for all the nftable::rules entries: For each nftable::rule this adds an extra concat fragment to
add a comment containing the name and order number for t... Steve Traylen
05:28 Révision 9e5b8bf0: Merge pull request #12 from cernops/log_format: Allow tables to add comments to $log_prefix keachi
03:16 Révision ac0af4aa: Allow tables to add comments to $log_prefix: Nacho Barrientos

2020-11-18

15:25 Révision ef3e9ad6: Merge pull request #8 from cernops/ai5973: Allow raw sets and dashes in set names duritong
11:02 Révision 9785cd54: lint fix: Steve Traylen
07:18 Révision f3f2870f: Add rules for afs3_callback: In particular the afs callback to the cache manager(7001) which is UDP and always
IPv4 since there OpenAFS does not s... Steve Traylen
07:18 Révision 215aee13: Add kerberos out and openafs_client out: Steve Traylen

2020-11-17

09:53 Révision 5e0146c2: Merge pull request #7 from cernops/reject_with: Add a parameter to control the fate of discarded traffic keachi

2020-11-16

09:19 Révision 7bb485c5: Allow dashes in set names: Nacho Barrientos
09:16 Révision 9f0498e3: Relax nftables::set::type making it optional: This is needed in case nftables::set is passed raw configuration via
source or content. Nacho Barrientos
04:50 Révision 70727742: Add a parameter to control the fate of discarded packets: Nacho Barrientos

2020-11-15

16:37 Révision 0cf43fdf: Merge pull request #4 from cernops/dhcp6: Add classes encapsulating rules for DHCPv6 client traffic (in/out) duritong
13:41 Révision 37b2a3b7: Add class nftables::services::dhcpv6_client: Nacho Barrientos
10:51 Révision 883389dc: Merge pull request #5 from cernops/custom_log_prefix: Allow customising the log prefix duritong
10:47 Révision 43566263: Add rules for outgoing and incoming DHCPv6 client traffic: Nacho Barrientos
04:44 Révision ed827383: Allow customising the log prefix: Nacho Barrientos

2020-11-13

14:21 Révision 317b8d01: Merge pull request #3 from cernops/ai5973: Add support for named sets keachi
09:57 Révision 20b96360: Add support for named sets: Nacho Barrientos
09:55 Révision e4c32222: Use concat for table conf generation: This way other components of the module will be able to add extra stuff
to the table definitions like sets. Nacho Barrientos

2020-11-05

16:43 Révision 18ec6f48: Fix rulenames which includes an index: The rulename has a regex pattern `[/^[a-zA-Z0-9_]+-[a-zA-Z0-9_]+(-\d+)?$/]`
which allows an index at the end of the r... tr
16:37 Révision e5eb7424: Allow to specify prometheus source addresses: tr

2020-10-28

15:53 Révision e73f2e97: Fix rule node exporter: tr
15:50 Révision 8227cb1c: Manage rule in dns: tr
15:47 Révision cb50fd79: Add rule in node_exporter: tr
14:50 Révision e105f149: Include table ip6 nat: tr
14:40 Révision 248ef9d5: Add basic ip6 nat chains: tr

2020-10-27

02:22 Révision 579e27df: Fix the regex for bridge names: tr
02:22 Révision 2c00d766: Replace dashes with underlines: Docker daemon bridges contains dashes, replace them with underlines to
fit the naming concept. tr

2020-10-26

02:15 Révision 66ed7f61: migrate create_resource to the generic loop over hash approach: create_resource is notorious for not providing exact line/file info
when something fails. Since in puppet you can now... mh

2020-10-25

10:05 Révision 66b1a7a9: Allow ICMPv6 Router Advertisment packets: tr

2020-10-24

06:02 Révision fd0eaeca: Add class bridges: Allow traffic from any bridge to itself by default tr

2020-10-23

13:47 Révision c1224db5: Move filter rules to inet_filter class: tr
13:46 Révision b3a7a6dd: Allow to inject custom rules: tr
13:19 Révision 0f63a915: Git ignore .ruby-version: tr
05:55 Révision 8726ba4c: Switch back to Ruby 2.5: ```
can't modify frozen String: "true"
```
[Ticket IAC-1146](https://tickets.puppetlabs.com/browse/IAC-1146) tr

2020-10-20

12:55 Révision b171ac7f: fix offenses: mh
11:36 Révision 9511e610: Merge pull request #1 from traylenator/all: New parameter out_all, default false duritong
08:29 Révision e17693e3: New parameter out_all, default false: In order to allow all outbound traffic a parameter is
added to enable a simple `allow` entry on the out chain.
Defau... Steve Traylen

2020-10-16

11:17 Révision 3f91610b: Merge branch 'pdk' into 'master': Add a PDK configuration and run PDK convert
See merge request immerda/puppet-modules/nftables!1 tr
11:14 Révision 9d7d63a6: Only test with Ruby 2.7 and Puppet 6: tr
10:29 Révision 01d8a819: Styling to make tests green: tr
09:52 Révision 705bb26f: Add travis ci configuration: tr

2020-10-15

17:44 Révision ece9be27: Do PDK convert: tr

2020-10-14

12:23 Révision a074dec2: Allow index numbers: tr
12:15 Révision 25205881: Fix rule puppet out: tr

2020-10-13

14:24 Révision 4db4422a: Add http and https: tr

2020-10-11

06:52 Révision 44ac0a4e: add license file: mh

2020-08-31

06:51 Révision a6316327: Use enum instead of pattern for proto: tr
06:13 Révision 3d29a6eb: Add a rule to create snat: tr
06:12 Révision a0d5c724: Test masquerade default proto: tr
05:38 Révision 2a3b45ec: Add a define for masquerading: tr
05:01 Révision a5205d2f: Extract the dnat spec tests: tr

2020-08-30

11:08 Révision 7cc88e25: Linting: tr
11:04 Révision ba5e15bd: Add rules for OSPF: tr
10:49 Révision 351a88fb: Add a define for ipv4 dnat: tr
09:15 Révision af544fea: Create a special ingoing chain for all ingoing fwd rules: tr
08:47 Révision 9adf6851: Add mld-listener-done to the list of allowed icmpv6 types: tr
08:46 Révision b01596ea: Rename file filter to inet-filter: tr
07:18 Révision f02562f2: Stop and mask firewalld service: tr
07:09 Révision 2e704fc9: add new rules: mh
07:07 Révision 8f5d09ec: Linting: tr
07:07 Révision 9ae64df9: Add spec tests for a DNAT: tr
07:07 Révision 95b1259b: Add spec tests for ip nat prerouting: tr
07:07 Révision d78c1613: Add spec tests for router functionality: tr
07:07 Révision 605d5fde: Add spec tests for ip nat chain policies: tr
06:31 Révision c02d1b07: add a few more rules: mh
06:17 Révision c8092701: Split init class: tr
06:09 Révision c8894978: Use default: tr
06:09 Révision c8e93806: Fix nat hooks: tr
06:09 Révision 5bd849ba: Rename to snake cases: tr
06:04 Révision 7940fb07: Adapt readme to the refactoring: tr
05:45 Révision 38a67c59: Rewrite ip-nat to concat: tr
05:44 Révision 422b6851: Add spec tests for ip-nat: tr
05:43 Révision 6f38efff: Rename spec filter to inet-filter: tr
05:24 Révision 5df9303f: Replace filter with inet-filter: tr

2020-08-29

19:05 Révision 8efbdf9a: Refactoring: tr
14:31 Révision e89da898: Linting: tr
14:14 Révision f34dae00: Spec tests for default rules: tr
13:52 Révision 3ccc62ae: Add spec tests for default chains: tr
13:25 Révision be6aa569: Add spec tests for filter chains: tr
13:24 Révision a04bdb5e: Add a newline to filter chains: tr
13:01 Révision f6848bb8: Explicitly set ensure file: tr
12:38 Révision 5d3f76a0: Disable some rubocop checks for spec files: tr
12:06 Révision 5acb554a: Write some spec tests for init class: tr
11:21 Révision 73ef24d3: Drop Puppet 5 support: tr
11:17 Révision feff733b: Add a Gitlab CI pipeline: tr
11:17 Révision 64134e4e: Add spec tests it should compile: tr
11:17 Révision 186a64ca: Add gemfile and rakefile for Puppet lint and spec: tr
11:16 Révision 321ae8ab: Add Puppet module basic files: tr
11:15 Révision ecb63cef: Add dependencies: tr
10:46 Révision e140adff: Linting: tr
10:40 Révision 050f1005: Git ignore Puppet module stuff: tr
10:14 Révision 5933ab8e: Set NAT only for IPv4: tr
10:05 Révision a6064b9f: Remove whitespaces: tr
10:00 Révision 15aaf3c5: Allow only specific icmp types: * Rate limit the echo-requests
* Allow icmp types (w/o rate limit) which are protocol relevant tr
09:39 Révision d4de1bfe: Allow to set a list of dns servers: tr
09:26 Révision a98c98d4: Add in/out rules for Tor: tr
09:25 Révision 40b19655: Add a in rule for icinga2: tr
09:24 Révision df2679aa: Add in rule for puppet: tr
09:23 Révision ca24c673: Add in/out rules for wireguard: tr
09:20 Révision 223f3c54: Add a rule for dhcpc: tr
09:14 Révision 188e569f: Remove out rule ntp: Duplicate to chrony, but chrony allows every sport (which is required by
chrony). tr
09:12 Révision ee1cf60a: add outgoing puppet: mh
08:55 Révision cd664666: Allow http by default: CentOS mirrors are only available over http. tr
08:28 Révision be0b08e1: Apply a base firewall: Allow all services to install updates and manage the node. tr
08:28 Révision 0c850704: Add a class for outgoing ntp: tr
08:28 Révision c5ff0cc5: Add a class for outgoing https: tr
08:28 Révision 9da28f8c: Add a class for outgoing dns: tr
08:21 Révision a534e044: fix naming: mh
05:50 Révision 0ba57c66: initial release: mh

Formats disponibles : Atom