Activity

From 2020-08-27 to 2020-11-24

2020-11-24

10:37 Revision b10c6216: Set a customisable rate limit to the logging rules
Nacho Barrientos
07:53 Revision 92461926: Merge pull request #16 from cernops/icmp
Move ICMP stuff to separate classes allowing better customisation
duritong
07:51 Revision 587e522e: Merge pull request #20 from cernops/firewalld_mask
Make masking Service['firewalld'] optional
duritong
04:17 Revision ae9872e2: Make masking Service['firewalld'] configurable
Nacho Barrientos

2020-11-21

03:10 Revision 79e9a23f: Move ICMP stuff to separate classes
Nacho Barrientos

2020-11-20

10:52 Revision def3893c: Merge pull request #15 from traylenator/fixtests
Correct bad merge
keachi
03:52 Revision 8b97e6a3: Correct bad merge
There was a bad merge between
* https://github.com/duritong/puppet-nftables/pull/13
* https://github.com/duritong/pu...
Steve Traylen

2020-11-19

15:56 Revision a5f5fb12: Merge pull request #13 from traylenator/comment
Add comments for all the nftable::rules entries
duritong
15:53 Revision 21d0496e: Merge pull request #14 from cernops/ct_away
Move conntrack rules from global to INPUT and OUTPUT
duritong
15:11 Revision 7b14f6d9: Merge pull request #6 from traylenator/afs
Add rules for afs3_callback in and out rules for kerberos and openafs.
keachi
10:15 Revision ea96d5db: Move ct rules from global to INPUT and OUTPUT
Nacho Barrientos
09:19 Revision 61f03b47: Switch $order$fragmenta/b to $order-$fragment-a/b
Steve Traylen
08:31 Revision e53053ce: Add comments for all the nftable::rules entries
For each nftable::rule this adds an extra concat fragment to
add a comment containing the name and order number for t...
Steve Traylen
05:28 Revision 9e5b8bf0: Merge pull request #12 from cernops/log_format
Allow tables to add comments to $log_prefix
keachi
03:16 Revision ac0af4aa: Allow tables to add comments to $log_prefix
Nacho Barrientos

2020-11-18

15:25 Revision ef3e9ad6: Merge pull request #8 from cernops/ai5973
Allow raw sets and dashes in set names
duritong
11:02 Revision 9785cd54: lint fix
Steve Traylen
07:18 Revision f3f2870f: Add rules for afs3_callback
In particular the afs callback to the cache manager(7001) which is UDP and always
IPv4 since there OpenAFS does not s...
Steve Traylen
07:18 Revision 215aee13: Add kerberos out and openafs_client out
Steve Traylen

2020-11-17

09:53 Revision 5e0146c2: Merge pull request #7 from cernops/reject_with
Add a parameter to control the fate of discarded traffic
keachi

2020-11-16

09:19 Revision 7bb485c5: Allow dashes in set names
Nacho Barrientos
09:16 Revision 9f0498e3: Relax nftables::set::type making it optional
This is needed in case nftables::set is passed raw configuration via
source or content.
Nacho Barrientos
04:50 Revision 70727742: Add a parameter to control the fate of discarded packets
Nacho Barrientos

2020-11-15

16:37 Revision 0cf43fdf: Merge pull request #4 from cernops/dhcp6
Add classes encapsulating rules for DHCPv6 client traffic (in/out)
duritong
13:41 Revision 37b2a3b7: Add class nftables::services::dhcpv6_client
Nacho Barrientos
10:51 Revision 883389dc: Merge pull request #5 from cernops/custom_log_prefix
Allow customising the log prefix
duritong
10:47 Revision 43566263: Add rules for outgoing and incoming DHCPv6 client traffic
Nacho Barrientos
04:44 Revision ed827383: Allow customising the log prefix
Nacho Barrientos

2020-11-13

14:21 Revision 317b8d01: Merge pull request #3 from cernops/ai5973
Add support for named sets
keachi
09:57 Revision 20b96360: Add support for named sets
Nacho Barrientos
09:55 Revision e4c32222: Use concat for table conf generation
This way other components of the module will be able to add extra stuff
to the table definitions like sets.
Nacho Barrientos

2020-11-05

16:43 Revision 18ec6f48: Fix rulenames which includes an index
The rulename has a regex pattern `[/^[a-zA-Z0-9_]+-[a-zA-Z0-9_]+(-\d+)?$/]`
which allows an index at the end of the r...
tr
16:37 Revision e5eb7424: Allow to specify prometheus source addresses
tr

2020-10-28

15:53 Revision e73f2e97: Fix rule node exporter
tr
15:50 Revision 8227cb1c: Manage rule in dns
tr
15:47 Revision cb50fd79: Add rule in node_exporter
tr
14:50 Revision e105f149: Include table ip6 nat
tr
14:40 Revision 248ef9d5: Add basic ip6 nat chains
tr

2020-10-27

02:22 Revision 579e27df: Fix the regex for bridge names
tr
02:22 Revision 2c00d766: Replace dashes with underlines
Docker daemon bridges contain dashes, replace them with underlines to
fit the naming concept.
tr

2020-10-26

02:15 Revision 66ed7f61: migrate create_resource to the generic loop over hash approach
create_resource is notorious for not providing exact line/file info
when something fails. Since in puppet you can now...
mh

2020-10-25

10:05 Revision 66b1a7a9: Allow ICMPv6 Router Advertisement packets
tr

2020-10-24

06:02 Revision fd0eaeca: Add class bridges
Allow traffic from any bridge to itself by default
tr

2020-10-23

13:47 Revision c1224db5: Move filter rules to inet_filter class
tr
13:46 Revision b3a7a6dd: Allow to inject custom rules
tr
13:19 Revision 0f63a915: Git ignore .ruby-version
tr
05:55 Revision 8726ba4c: Switch back to Ruby 2.5
```
can't modify frozen String: "true"
```
[Ticket IAC-1146](https://tickets.puppetlabs.com/browse/IAC-1146)
tr

2020-10-20

12:55 Revision b171ac7f: fix offenses
mh
11:36 Revision 9511e610: Merge pull request #1 from traylenator/all
New parameter out_all, default false
duritong
08:29 Revision e17693e3: New parameter out_all, default false
In order to allow all outbound traffic a parameter is
added to enable a simple `allow` entry on the out chain.
Defau...
Steve Traylen

2020-10-16

11:17 Revision 3f91610b: Merge branch 'pdk' into 'master'
Add a PDK configuration and run PDK convert
See merge request immerda/puppet-modules/nftables!1
tr
11:14 Revision 9d7d63a6: Only test with Ruby 2.7 and Puppet 6
tr
10:29 Revision 01d8a819: Styling to make tests green
tr
09:52 Revision 705bb26f: Add travis ci configuration
tr

2020-10-15

17:44 Revision ece9be27: Do PDK convert
tr

2020-10-14

12:23 Revision a074dec2: Allow index numbers
tr
12:15 Revision 25205881: Fix rule puppet out
tr

2020-10-13

14:24 Revision 4db4422a: Add http and https
tr

2020-10-11

06:52 Revision 44ac0a4e: add license file
mh

2020-08-31

06:51 Revision a6316327: Use enum instead of pattern for proto
tr
06:13 Revision 3d29a6eb: Add a rule to create snat
tr
06:12 Revision a0d5c724: Test masquerade default proto
tr
05:38 Revision 2a3b45ec: Add a define for masquerading
tr
05:01 Revision a5205d2f: Extract the dnat spec tests
tr

2020-08-30

11:08 Revision 7cc88e25: Linting
tr
11:04 Revision ba5e15bd: Add rules for OSPF
tr
10:49 Revision 351a88fb: Add a define for ipv4 dnat
tr
09:15 Revision af544fea: Create a special ingoing chain for all ingoing fwd rules
tr
08:47 Revision 9adf6851: Add mld-listener-done to the list of allowed icmpv6 types
tr
08:46 Revision b01596ea: Rename file filter to inet-filter
tr
07:18 Revision f02562f2: Stop and mask firewalld service
tr
07:09 Revision 2e704fc9: add new rules
mh
07:07 Revision 8f5d09ec: Linting
tr
07:07 Revision 9ae64df9: Add spec tests for a DNAT
tr
07:07 Revision 95b1259b: Add spec tests for ip nat prerouting
tr
07:07 Revision d78c1613: Add spec tests for router functionality
tr
07:07 Revision 605d5fde: Add spec tests for ip nat chain policies
tr
06:31 Revision c02d1b07: add a few more rules
mh
06:17 Revision c8092701: Split init class
tr
06:09 Revision c8894978: Use default
tr
06:09 Revision c8e93806: Fix nat hooks
tr
06:09 Revision 5bd849ba: Rename to snake cases
tr
06:04 Revision 7940fb07: Adapt readme to the refactoring
tr
05:45 Revision 38a67c59: Rewrite ip-nat to concat
tr
05:44 Revision 422b6851: Add spec tests for ip-nat
tr
05:43 Revision 6f38efff: Rename spec filter to inet-filter
tr
05:24 Revision 5df9303f: Replace filter with inet-filter
tr

2020-08-29

19:05 Revision 8efbdf9a: Refactoring
tr
14:31 Revision e89da898: Linting
tr
14:14 Revision f34dae00: Spec tests for default rules
tr
13:52 Revision 3ccc62ae: Add spec tests for default chains
tr
13:25 Revision be6aa569: Add spec tests for filter chains
tr
13:24 Revision a04bdb5e: Add a newline to filter chains
tr
13:01 Revision f6848bb8: Explicitly set ensure file
tr
12:38 Revision 5d3f76a0: Disable some rubocop checks for spec files
tr
12:06 Revision 5acb554a: Write some spec tests for init class
tr
11:21 Revision 73ef24d3: Drop Puppet 5 support
tr
11:17 Revision feff733b: Add a Gitlab CI pipeline
tr
11:17 Revision 64134e4e: Add spec tests it should compile
tr
11:17 Revision 186a64ca: Add gemfile and rakefile for Puppet lint and spec
tr
11:16 Revision 321ae8ab: Add Puppet module basic files
tr
11:15 Revision ecb63cef: Add dependencies
tr
10:46 Revision e140adff: Linting
tr
10:40 Revision 050f1005: Git ignore Puppet module stuff
tr
10:14 Revision 5933ab8e: Set NAT only for IPv4
tr
10:05 Revision a6064b9f: Remove whitespaces
tr
10:00 Revision 15aaf3c5: Allow only specific icmp types
* Rate limit the echo-requests
* Allow icmp types (w/o rate limit) which are protocol relevant
tr
09:39 Revision d4de1bfe: Allow to set a list of dns servers
tr
09:26 Revision a98c98d4: Add in/out rules for Tor
tr
09:25 Revision 40b19655: Add an in rule for icinga2
tr
09:24 Revision df2679aa: Add in rule for puppet
tr
09:23 Revision ca24c673: Add in/out rules for wireguard
tr
09:20 Revision 223f3c54: Add a rule for dhcpc
tr
09:14 Revision 188e569f: Remove out rule ntp
Duplicate to chrony, but chrony allows every sport (which is required by
chrony).
tr
09:12 Revision ee1cf60a: add outgoing puppet
mh
08:55 Revision cd664666: Allow http by default
CentOS mirrors are only available over http.
tr
08:28 Revision be0b08e1: Apply a base firewall
Allow all services to install updates and manage the node.
tr
08:28 Revision 0c850704: Add a class for outgoing ntp
tr
08:28 Revision c5ff0cc5: Add a class for outgoing https
tr
08:28 Revision 9da28f8c: Add a class for outgoing dns
tr
08:21 Revision a534e044: fix naming
mh
05:50 Revision 0ba57c66: initial release
mh
 
