Projet

Général

Profil

Activité

Du 2020-08-31 au 2020-11-28

2020-11-27

06:07 Révision d5a61536: Merge pull request #26 from cernops/hiera_sets
Allow sourcing sets from Hiera duritong
06:06 Révision 6b80ac21: Merge pull request #27 from traylenator/reference
Refresh REFERENCE duritong
05:21 Révision 300b7382: Do not test nftables::rules repeatadly
Rather than testing the contents of nftable::rules just test
that nftables::rules instance is correct.
The existing ... Steve Traylen
04:01 Révision 7f6cacc5: Refresh REFERENCE
Steve Traylen
03:35 Révision 802d80d1: Allow sourcing sets from Hiera
Nacho Barrientos

2020-11-26

16:09 Révision 7395300c: Merge pull request #25 from cernops/no_nat
Allow disabling default NAT tables and chains duritong
15:39 Révision 82d10659: Allow disabling default NAT tables and chains
Nacho Barrientos
15:07 Révision bd549474: Merge pull request #10 from traylenator/reload
Reload rules atomically and verify rules before deploy duritong
05:19 Révision 30462da1: Reload rules atomically
Background: The unit file for nftables on CentOS 8 contains:
```
ExecStart=/sbin/nft -f /etc/sysconfig/nftables.conf... Steve Traylen

2020-11-24

10:37 Révision b10c6216: Set a customisable rate limit to the logging rules
Nacho Barrientos
07:53 Révision 92461926: Merge pull request #16 from cernops/icmp
Move ICMP stuff to separate classes allowing better customisation duritong
07:51 Révision 587e522e: Merge pull request #20 from cernops/firewalld_mask
Make masking Service['firewalld'] optional duritong
04:17 Révision ae9872e2: Make masking Service['firewalld'] configurable
Nacho Barrientos

2020-11-21

03:10 Révision 79e9a23f: Move ICMP stuff to separate classes
Nacho Barrientos

2020-11-20

10:52 Révision def3893c: Merge pull request #15 from traylenator/fixtests
Correct bad merge keachi
03:52 Révision 8b97e6a3: Correct bad merge
There was a bad merge between
* https://github.com/duritong/puppet-nftables/pull/13
* https://github.com/duritong/pu... Steve Traylen

2020-11-19

15:56 Révision a5f5fb12: Merge pull request #13 from traylenator/comment
Add comments for all the nftable::rules entries duritong
15:53 Révision 21d0496e: Merge pull request #14 from cernops/ct_away
Move conntrack rules from global to INPUT and OUTPUT duritong
15:11 Révision 7b14f6d9: Merge pull request #6 from traylenator/afs
Add rules for afs3_callback in and out rules for kerberos and openafs. keachi
10:15 Révision ea96d5db: Move ct rules from global to INPUT and OUTPUT
Nacho Barrientos
09:19 Révision 61f03b47: Switch $order$fragmenta/b to $order-$fragment-a/b
Steve Traylen
08:31 Révision e53053ce: Add comments for all the nftable::rules entries
For each nftable::rule this adds an extra concat fragment to
add a comment containing the name and order number for t... Steve Traylen
05:28 Révision 9e5b8bf0: Merge pull request #12 from cernops/log_format
Allow tables to add comments to $log_prefix keachi
03:16 Révision ac0af4aa: Allow tables to add comments to $log_prefix
Nacho Barrientos

2020-11-18

15:25 Révision ef3e9ad6: Merge pull request #8 from cernops/ai5973
Allow raw sets and dashes in set names duritong
11:02 Révision 9785cd54: lint fix
Steve Traylen
07:18 Révision f3f2870f: Add rules for afs3_callback
In particular the afs callback to the cache manager(7001) which is UDP and always
IPv4 since there OpenAFS does not s... Steve Traylen
07:18 Révision 215aee13: Add kerberos out and openafs_client out
Steve Traylen

2020-11-17

09:53 Révision 5e0146c2: Merge pull request #7 from cernops/reject_with
Add a parameter to control the fate of discarded traffic keachi

2020-11-16

09:19 Révision 7bb485c5: Allow dashes in set names
Nacho Barrientos
09:16 Révision 9f0498e3: Relax nftables::set::type making it optional
This is needed in case nftables::set is passed raw configuration via
source or content. Nacho Barrientos
04:50 Révision 70727742: Add a parameter to control the fate of discarded packets
Nacho Barrientos

2020-11-15

16:37 Révision 0cf43fdf: Merge pull request #4 from cernops/dhcp6
Add classes encapsulating rules for DHCPv6 client traffic (in/out) duritong
13:41 Révision 37b2a3b7: Add class nftables::services::dhcpv6_client
Nacho Barrientos
10:51 Révision 883389dc: Merge pull request #5 from cernops/custom_log_prefix
Allow customising the log prefix duritong
10:47 Révision 43566263: Add rules for outgoing and incoming DHCPv6 client traffic
Nacho Barrientos
04:44 Révision ed827383: Allow customising the log prefix
Nacho Barrientos

2020-11-13

14:21 Révision 317b8d01: Merge pull request #3 from cernops/ai5973
Add support for named sets keachi
09:57 Révision 20b96360: Add support for named sets
Nacho Barrientos
09:55 Révision e4c32222: Use concat for table conf generation
This way other components of the module will be able to add extra stuff
to the table definitions like sets. Nacho Barrientos

2020-11-05

16:43 Révision 18ec6f48: Fix rulenames which includes an index
The rulename has a regex pattern `[/^[a-zA-Z0-9_]+-[a-zA-Z0-9_]+(-\d+)?$/]`
which allows an index at the end of the r... tr
16:37 Révision e5eb7424: Allow to specify prometheus source addresses
tr

2020-10-28

15:53 Révision e73f2e97: Fix rule node exporter
tr
15:50 Révision 8227cb1c: Manage rule in dns
tr
15:47 Révision cb50fd79: Add rule in node_exporter
tr
14:50 Révision e105f149: Include table ip6 nat
tr
14:40 Révision 248ef9d5: Add basic ip6 nat chains
tr

2020-10-27

02:22 Révision 579e27df: Fix the regex for bridge names
tr
02:22 Révision 2c00d766: Replace dashes with underlines
Docker daemon bridges contains dashes, replace them with underlines to
fit the naming concept. tr

2020-10-26

02:15 Révision 66ed7f61: migrate create_resource to the generic loop over hash approach
create_resource is notorious for not providing exact line/file info
when something fails. Since in puppet you can now... mh

2020-10-25

10:05 Révision 66b1a7a9: Allow ICMPv6 Router Advertisment packets
tr

2020-10-24

06:02 Révision fd0eaeca: Add class bridges
Allow traffic from any bridge to itself by default tr

2020-10-23

13:47 Révision c1224db5: Move filter rules to inet_filter class
tr
13:46 Révision b3a7a6dd: Allow to inject custom rules
tr
13:19 Révision 0f63a915: Git ignore .ruby-version
tr
05:55 Révision 8726ba4c: Switch back to Ruby 2.5
```
can't modify frozen String: "true"
```
[Ticket IAC-1146](https://tickets.puppetlabs.com/browse/IAC-1146) tr

2020-10-20

12:55 Révision b171ac7f: fix offenses
mh
11:36 Révision 9511e610: Merge pull request #1 from traylenator/all
New parameter out_all, default false duritong
08:29 Révision e17693e3: New parameter out_all, default false
In order to allow all outbound traffic a parameter is
added to enable a simple `allow` entry on the out chain.
Defau... Steve Traylen

2020-10-16

11:17 Révision 3f91610b: Merge branch 'pdk' into 'master'
Add a PDK configuration and run PDK convert
See merge request immerda/puppet-modules/nftables!1 tr
11:14 Révision 9d7d63a6: Only test with Ruby 2.7 and Puppet 6
tr
10:29 Révision 01d8a819: Styling to make tests green
tr
09:52 Révision 705bb26f: Add travis ci configuration
tr

2020-10-15

17:44 Révision ece9be27: Do PDK convert
tr

2020-10-14

12:23 Révision a074dec2: Allow index numbers
tr
12:15 Révision 25205881: Fix rule puppet out
tr

2020-10-13

14:24 Révision 4db4422a: Add http and https
tr

2020-10-11

06:52 Révision 44ac0a4e: add license file
mh

2020-08-31

06:51 Révision a6316327: Use enum instead of pattern for proto
tr
06:13 Révision 3d29a6eb: Add a rule to create snat
tr
06:12 Révision a0d5c724: Test masquerade default proto
tr
05:38 Révision 2a3b45ec: Add a define for masquerading
tr
05:01 Révision a5205d2f: Extract the dnat spec tests
tr
 

Formats disponibles : Atom