Activité
Du 2020-09-03 au 2020-12-01
2020-12-01
- 15:05 Révision c3be15e0: Merge pull request #31 from traylenator/selective
- New parameter noflush_tables to selectivly skip flush
- 05:42 Révision 5210e023: Add NFS-related rules
- Signed-off-by: Dan van der Ster <daniel.vanderster@cern.ch>
- 04:33 Révision bbc93ede: Add ceph related rules
- Signed-off-by: Dan van der Ster <daniel.vanderster@cern.ch>
- 03:09 Révision 03d9e7da: New parameter noflush_tables to selectivly skip flush
- Introduces a new structured fact nftables
```yaml
nftables:
tables:
- inet-filter
- ip-nat
- ip6-nat
...
2020-11-30
- 07:21 Révision 9fe75e32: Merge pull request #30 from traylenator/slc
- Scientific Linux 8 will never exist
- 05:27 Révision 2ccf856b: Scientific Linux 8 will never exist
- As per
https://listserv.fnal.gov/scripts/wa.exe?A2=ind1904&L=SCIENTIFIC-LINUX-ANNOUNCE&P=78
2020-11-29
- 13:22 Révision 72aad4a2: Merge pull request #28 from traylenator/simplify
- Do not test nftables::rules repeatadly
- 13:18 Révision 902ceaac: Merge pull request #22 from cernops/log_limit
- Set a customisable rate limit to the logging rules
2020-11-27
- 06:07 Révision d5a61536: Merge pull request #26 from cernops/hiera_sets
- Allow sourcing sets from Hiera
- 06:06 Révision 6b80ac21: Merge pull request #27 from traylenator/reference
- Refresh REFERENCE
- 05:21 Révision 300b7382: Do not test nftables::rules repeatadly
- Rather than testing the contents of nftable::rules just test
that nftables::rules instance is correct.
The existing ... - 04:01 Révision 7f6cacc5: Refresh REFERENCE
- 03:35 Révision 802d80d1: Allow sourcing sets from Hiera
2020-11-26
- 16:09 Révision 7395300c: Merge pull request #25 from cernops/no_nat
- Allow disabling default NAT tables and chains
- 15:39 Révision 82d10659: Allow disabling default NAT tables and chains
- 15:07 Révision bd549474: Merge pull request #10 from traylenator/reload
- Reload rules atomically and verify rules before deploy
- 05:19 Révision 30462da1: Reload rules atomically
- Background: The unit file for nftables on CentOS 8 contains:
```
ExecStart=/sbin/nft -f /etc/sysconfig/nftables.conf...
2020-11-24
- 10:37 Révision b10c6216: Set a customisable rate limit to the logging rules
- 07:53 Révision 92461926: Merge pull request #16 from cernops/icmp
- Move ICMP stuff to separate classes allowing better customisation
- 07:51 Révision 587e522e: Merge pull request #20 from cernops/firewalld_mask
- Make masking Service['firewalld'] optional
- 04:17 Révision ae9872e2: Make masking Service['firewalld'] configurable
2020-11-21
2020-11-20
- 10:52 Révision def3893c: Merge pull request #15 from traylenator/fixtests
- Correct bad merge
- 03:52 Révision 8b97e6a3: Correct bad merge
- There was a bad merge between
* https://github.com/duritong/puppet-nftables/pull/13
* https://github.com/duritong/pu...
2020-11-19
- 15:56 Révision a5f5fb12: Merge pull request #13 from traylenator/comment
- Add comments for all the nftable::rules entries
- 15:53 Révision 21d0496e: Merge pull request #14 from cernops/ct_away
- Move conntrack rules from global to INPUT and OUTPUT
- 15:11 Révision 7b14f6d9: Merge pull request #6 from traylenator/afs
- Add rules for afs3_callback in and out rules for kerberos and openafs.
- 10:15 Révision ea96d5db: Move ct rules from global to INPUT and OUTPUT
- 09:19 Révision 61f03b47: Switch $order$fragmenta/b to $order-$fragment-a/b
- 08:31 Révision e53053ce: Add comments for all the nftable::rules entries
- For each nftable::rule this adds an extra concat fragment to
add a comment containing the name and order number for t... - 05:28 Révision 9e5b8bf0: Merge pull request #12 from cernops/log_format
- Allow tables to add comments to $log_prefix
- 03:16 Révision ac0af4aa: Allow tables to add comments to $log_prefix
2020-11-18
- 15:25 Révision ef3e9ad6: Merge pull request #8 from cernops/ai5973
- Allow raw sets and dashes in set names
- 11:02 Révision 9785cd54: lint fix
- 07:18 Révision f3f2870f: Add rules for afs3_callback
- In particular the afs callback to the cache manager(7001) which is UDP and always
IPv4 since there OpenAFS does not s... - 07:18 Révision 215aee13: Add kerberos out and openafs_client out
2020-11-17
- 09:53 Révision 5e0146c2: Merge pull request #7 from cernops/reject_with
- Add a parameter to control the fate of discarded traffic
2020-11-16
- 09:19 Révision 7bb485c5: Allow dashes in set names
- 09:16 Révision 9f0498e3: Relax nftables::set::type making it optional
- This is needed in case nftables::set is passed raw configuration via
source or content. - 04:50 Révision 70727742: Add a parameter to control the fate of discarded packets
2020-11-15
- 16:37 Révision 0cf43fdf: Merge pull request #4 from cernops/dhcp6
- Add classes encapsulating rules for DHCPv6 client traffic (in/out)
- 13:41 Révision 37b2a3b7: Add class nftables::services::dhcpv6_client
- 10:51 Révision 883389dc: Merge pull request #5 from cernops/custom_log_prefix
- Allow customising the log prefix
- 10:47 Révision 43566263: Add rules for outgoing and incoming DHCPv6 client traffic
- 04:44 Révision ed827383: Allow customising the log prefix
2020-11-13
- 14:21 Révision 317b8d01: Merge pull request #3 from cernops/ai5973
- Add support for named sets
- 09:57 Révision 20b96360: Add support for named sets
- 09:55 Révision e4c32222: Use concat for table conf generation
- This way other components of the module will be able to add extra stuff
to the table definitions like sets.
2020-11-05
- 16:43 Révision 18ec6f48: Fix rulenames which includes an index
- The rulename has a regex pattern `[/^[a-zA-Z0-9_]+-[a-zA-Z0-9_]+(-\d+)?$/]`
which allows an index at the end of the r... - 16:37 Révision e5eb7424: Allow to specify prometheus source addresses
2020-10-28
- 15:53 Révision e73f2e97: Fix rule node exporter
- 15:50 Révision 8227cb1c: Manage rule in dns
- 15:47 Révision cb50fd79: Add rule in node_exporter
- 14:50 Révision e105f149: Include table ip6 nat
- 14:40 Révision 248ef9d5: Add basic ip6 nat chains
2020-10-27
- 02:22 Révision 579e27df: Fix the regex for bridge names
- 02:22 Révision 2c00d766: Replace dashes with underlines
- Docker daemon bridges contains dashes, replace them with underlines to
fit the naming concept.
2020-10-26
- 02:15 Révision 66ed7f61: migrate create_resource to the generic loop over hash approach
- create_resource is notorious for not providing exact line/file info
when something fails. Since in puppet you can now...
2020-10-25
2020-10-24
- 06:02 Révision fd0eaeca: Add class bridges
- Allow traffic from any bridge to itself by default
2020-10-23
- 13:47 Révision c1224db5: Move filter rules to inet_filter class
- 13:46 Révision b3a7a6dd: Allow to inject custom rules
- 13:19 Révision 0f63a915: Git ignore .ruby-version
- 05:55 Révision 8726ba4c: Switch back to Ruby 2.5
- ```
can't modify frozen String: "true"
```
[Ticket IAC-1146](https://tickets.puppetlabs.com/browse/IAC-1146)
2020-10-20
- 12:55 Révision b171ac7f: fix offenses
- 11:36 Révision 9511e610: Merge pull request #1 from traylenator/all
- New parameter out_all, default false
- 08:29 Révision e17693e3: New parameter out_all, default false
- In order to allow all outbound traffic a parameter is
added to enable a simple `allow` entry on the out chain.
Defau...
2020-10-16
- 11:17 Révision 3f91610b: Merge branch 'pdk' into 'master'
- Add a PDK configuration and run PDK convert
See merge request immerda/puppet-modules/nftables!1 - 11:14 Révision 9d7d63a6: Only test with Ruby 2.7 and Puppet 6
- 10:29 Révision 01d8a819: Styling to make tests green
- 09:52 Révision 705bb26f: Add travis ci configuration
2020-10-15
2020-10-14
2020-10-13
2020-10-11
Formats disponibles : Atom