Activité
Du 2020-11-20 au 2021-02-17
2021-02-14
- 10:00 Révision 942569ea: Merge pull request #73 from Koumbit/global_chain_not_hardcoded
- start declaring the 'global' chain with module resources
- 01:26 Révision cf38fe4a: create tests for presence of the "global" chain
2021-02-11
- 16:42 Révision 1a4f336e: start declaring the 'global' chain with module resources
- the 'global' chain is a vestigial piece of early development on this
module, but it can be useful for creating fast s...
2021-01-29
- 06:59 Révision ca0e9755: Bump version to 1.1.2-rc0 (#72)
- Manual MR due to travis_release being broken by necessity to approve.
https://github.com/voxpupuli/puppet-nftables/i... - 03:10 Révision bd0d7998: Release 1.1.1 (#71)
2021-01-28
- 06:06 Révision 0f100e5c: Merge pull request #70 from cernops/issue69
- Fix IP version filter for IPv6 traffic
2021-01-27
- 06:48 Révision 14156fb6: Add unit test
- 06:45 Révision 1d56f209: Fix IP version filter for IPv6 traffic
2021-01-26
2021-01-25
- 17:40 Révision 863b9d93: Merge branch 'dev-debian_support' into stretch_support
- 17:38 Révision f29ea029: Fix nftables::rules::out::nfs3 for nftables 0.9.0
- 16:33 Révision df9a09bb: Fix nftables::rules::nfs3 syntax to work with nftables 0.9.0
- 10:19 Révision 7d44d49e: [blacksmith] Bump version to 1.1.1-rc0
- 10:16 Révision afc4dd16: Release 1.1.0 (#67)
2021-01-21
2021-01-19
- 17:34 Révision de7a904c: Move configuration_path default to module data
- 15:22 Révision cb6f3584: Fix reloads on Debian Stretch
- The paths for various binaries are slightly different
- 11:41 Révision f307977a: Merge branch 'dev-debian_support' into stretch_support
- 11:38 Révision 7fe7a4aa: Rename nftables_configuration_path to configuration_path
- 11:27 Révision db7f6aef: Remove commented code from spec_helper
- It's not necessary, and will be removed the next time modulesync is run.
- 11:26 Révision 546de19c: Change configuration path form AbsolutePath to Unixpath
2021-01-18
- 16:40 Révision 08f77750: Mark Debian 9 as supported
- 16:35 Révision b4558e94: Use /usr/sbin for nft binary path in systemd service
- /sbin in Debian Buster is a symbolic link to /usr/sbin; however,
in Debian Stretch it's a separate folder and the nft... - 16:35 Révision 26cdcbbd: Support old-style facts for facter in Debian Stretch
- 16:31 Révision f8c4097f: Fix Debian data defaults
- The module name prefix was missing in the hieradata. I removed the modifications
to spec_helper.rb that made the test... - 16:21 Révision c8683bd8: Revert "Use symbols for both lookups in os_facts"
- This reverts commit 0877a8fd3646130f06b29e581a1ed2f990394094.
My initial tests were too hasty. `os_facts[:os][:famil... - 15:37 Révision 430c87b7: Load module data during spec tests
- This allows tests that depend on the module data being loaded to pass.
- 14:44 Révision 0877a8fd: Use symbols for both lookups in os_facts
- The access does work this way and it seems preferable to be
consistent. The access using `os_facts['os']` does not work. - 14:37 Révision cad7d4cd: Merge pull request #60 from duritong/more_mail_client_rules
- add some mail related outgoing rules
- 14:07 Révision 19908f41: add some mail related outgoing rules
- 14:00 Révision 19a87d6f: Add Debian as a supported OS
- 14:00 Révision a86c6409: Convert puppet_nft systemd drop-in unit file to template
- 14:00 Révision 96705735: Add test cases for Debian
- 14:00 Révision 8d22a441: WIP: Start adding support for Debian
- 11:28 Révision 2827108d: Merge pull request #63 from traylenator/badges
- Add badges to README
- 11:18 Révision e2031b31: Merge pull request #64 from traylenator/params
- Enable parameter_documentation lint
- 11:17 Révision e977eb3b: Merge pull request #62 from glpatcern/master
- Added Samba in rules
- 10:36 Révision 09cba182: Enable parameter_documentation lint
- The linter checks that every parameter has been documented.
While corrections have been made to great many classes s... - 10:19 Révision 354a82d9: Removed unneeded parentheses
- 09:43 Révision 82b6fd57: Add badges to README
- 09:36 Révision 4470f70c: Updated docs
- Co-authored-by: Nacho Barrientos <nacho@criptonita.com>
- 09:04 Révision 6587545a: Merge pull request #53 from cernops/allrules_check
- Check that all the predefined rules are declared in the all rules acceptance test
- 08:35 Révision e743f82e: Made ctdb rule parameterized
- 08:07 Révision c3f6e1ff: Use a separate job file
- 08:00 Révision 3246b968: Check that all rules are declared in the all rules acceptance test
- 07:42 Révision beaf4ee3: Merge pull request #59 from cernops/issue58
- Align simplerule and rule rulename requirements
- 07:37 Révision 8c00b818: Pull up rule regexp to type aliases
- 06:25 Révision 1ee2f66b: Added to tests
- 05:51 Révision a6f61c62: Added Samba in rules
2021-01-13
2020-12-15
- 05:14 Révision 2bcfc1aa: [blacksmith] Bump version to 1.0.1-rc0
- 05:07 Révision bc1b0f1a: Release 1.0.0 (#49)
- * Release 1.0.0
Co-authored-by: duritong <peter.meier+github@immerda.ch>
2020-12-14
- 05:35 Révision 5d71ec69: Merge pull request #56 from traylenator/ports
- Use Stdlib::Port everywhere in place of Integer
- 05:07 Révision 94a80621: Use Stdlib::Port everywhere in place of Integer
- Use Stdlib::Port in place of Integer for ports
Fixes #37 - 03:46 Révision b1085d8d: Merge pull request #55 from traylenator/moredocs
- Docs for nftables::set
- 03:27 Révision c868cae3: Update manifests/set.pp
- 03:06 Révision 13f4e4c6: Docs for nftables::set
- 02:26 Révision b3040dd8: Merge pull request #42 from duritong/terminology
- switch not the server naming
2020-12-13
2020-12-11
- 02:38 Révision 38205751: Merge pull request #47 from cernops/issue45
- Prefix custom tables with custom- so they're loaded
- 02:25 Révision 948ebc98: Prefix custom tables with custom- so they're loaded
- 02:19 Révision bacf254e: Merge pull request #48 from cernops/config_template
- Several fixes for nftables::config
2020-12-10
- 15:21 Révision c2800a39: Merge pull request #50 from traylenator/moretests
- Correct nfs3 invalid udp /tcp matching rule and more tests
- 09:21 Révision 2075a727: Correct NFS udp and tcp port matching
- There was a missing `th` from rule which from the examples in the man
page is meant to be there.
Cannot find the doc... - 09:20 Révision d8752442: test that bad configuration leaves service running
- 09:20 Révision cfcafde5: test that all classes can be included
- 09:20 Révision cba0cb86: Merge pull request #52 from cernops/simplerule_reference
- Remove a blank separating the doc string and the code
- 06:53 Révision b46c9ce9: Remove a blank separating the doc string and the code
- Otherwise the generator of the docs does not do the job :/
- 06:14 Révision c7e37bdc: Merge pull request #51 from bastelfreak/puppet7
- Enable Puppet 7 support
- 05:31 Révision e0be8190: Enable Puppet 7 support
- 02:51 Révision 3fe51d68: Merge pull request #33 from cernops/simplerule
- Add nftables::simplerule
- 02:24 Révision c5418fd3: Validate table spec
- 02:24 Révision 04f5c035: Fix context name (removes dup)
- 02:23 Révision 294a38ff: Implement intended failure
- 02:23 Révision fcb1d356: Auto fill simple table configuration
2020-12-09
- 11:45 Révision 4d63adda: Refresh REFERENCE
- 11:44 Révision 83382bb5: Add nftables::simplerule
- 11:44 Révision fb65734d: s/setname/rulename
- 11:44 Révision 3a52fb41: Richer dport
- 11:44 Révision 316bc3f8: Allow IPv4 and IPv6 only rules
- 11:44 Révision d38aab5b: Test passing a port without protocol
- 11:44 Révision aaa37172: Implement nftables:;simplerule::daddr
- 11:44 Révision d43ced4d: Implement nftables:;simplerule::counter
- 11:44 Révision 4ec94616: Re-document and add example
- 11:44 Révision 2489f932: Correct error message
- 11:44 Révision 2cc54308: Remove optional modifier on $table
- It does not really make sense to pass undef to nftables::rule
- 11:44 Révision 467ea4e2: Lint fixes
- 11:44 Révision 6793d286: Handle dport internally always as an array
- 11:44 Révision fb58f7b3: Remove double spacing
- 11:44 Révision 77abc10b: Implement nftables::simplerule::sport
- 11:44 Révision af15de48: Recommend using nftables::rule
- 11:44 Révision 2f28cced: Document nftables::simplerule's parameters
- 11:44 Révision 5944b9cb: Allow some other types of verdicts
- 11:44 Révision abb04c95: Mention nftables::simplerule in the README
- 11:44 Révision 3a469f2b: Implement nftables::simplerule::saddr
- 11:44 Révision 6739966c: Sort template parameters alphabetically
- 11:44 Révision 09b07e56: Encapsulate port-related exprs in Nftables::Port
- 11:44 Révision f1ef02c5: Encapsulate addr-related exprs in Nftables::Addr
- 11:44 Révision 55277023: Align template parameters
- 11:44 Révision 42e7f3ea: Relax type validation in template
- It comes already validated from the calling class.
- 10:58 Révision f0bd8791: Merge pull request #34 from traylenator/dedupe_flush
- Remove duplicate flush on reload
- 10:34 Révision 354a3ea5: Merge pull request #44 from traylenator/formatting
- Correct layout of ignore table example
- 09:42 Révision b9785000: Correct layout of ignore chain example
- 05:37 Révision ce22630b: Remove duplicate flush on reload
- When nftables was reloaded a flush was being done both in the systemd
reload call and in the nft script itself. - 04:55 Révision 03d8e696: Merge pull request #41 from traylenator/rubocop
- rubocop corrections
- 04:37 Révision 139ec11d: Merge pull request #43 from cernops/doc_typos
- Fix typos and formatting in the README
- 04:08 Révision 1330c27e: Add a hint about changing default output configuration
- 04:06 Révision 8ded326d: Fix typo in class name
- 04:06 Révision 4ed97e58: Add a separation between the header and the content
- 04:06 Révision 620da9a6: Add remark about the global chain
- 04:06 Révision 0f31ffbe: Fix grammatical error
- 04:05 Révision 1ffab17b: Add full stop
2020-12-08
- 11:49 Révision da8956d3: Enable rubocop check
- Will submit centrally if all well.
- 11:49 Révision 7e5b657a: rubocop:auto_correct fixes
- 09:23 Révision 492ca838: Disable Disable TrailingCommaInArguments early
- Can be reverted once
https://github.com/voxpupuli/voxpupuli-test/pull/36
is released - 07:58 Révision c4b1b93b: Comment why firewalld_enable parameter is required (#40)
- 07:54 Révision bd5145ab: Add basic configuration validation acceptance test (#38)
- * Add basic configuration validation acceptance test
It is not possible to start the nftables service within docker ...
2020-12-07
- 11:23 Révision 7db6f797: Merge pull request #36 from traylenator/modulesync
- modulesync 4.0.0 and general alignment to voxpupuli.
- 11:18 Révision 31b17627: Use single line for each parameter definition
- 11:18 Révision 5b4c71bc: Correctly remove puppet4 support
- 11:18 Révision 4630574b: Correct author, add tags and issues to metadata
- 10:13 Révision 59c1ddf4: Mock with mocha
- 09:56 Révision b09d43bf: Adapt metadata to voxpupuli name space
- 09:51 Révision 11bf7237: lint_fix results
- 09:25 Révision 78f22811: modulesync 4.0.0
- 09:21 Révision 8897f7d0: Drop duritong .sync.yml
2020-12-03
- 03:48 Révision e3c56ff6: Merge pull request #29 from keachi/fwd_conntrack
- Enable conntrack in FORWARD
2020-12-02
- 15:05 Révision 24a5a2a7: Enable conntrack in FORWARD
- 08:03 Révision ed8e4643: Merge pull request #32 from dvanders/ceph_nfs
- Add Ceph and NFS rules
- 05:37 Révision f4e9e995: Test ceph rules
- Signed-off-by: Dan van der Ster <daniel.vanderster@cern.ch>
- 05:37 Révision d0c972c3: Test NFS rules
- Signed-off-by: Dan van der Ster <daniel.vanderster@cern.ch>
2020-12-01
- 15:05 Révision c3be15e0: Merge pull request #31 from traylenator/selective
- New parameter noflush_tables to selectivly skip flush
- 05:42 Révision 5210e023: Add NFS-related rules
- Signed-off-by: Dan van der Ster <daniel.vanderster@cern.ch>
- 04:33 Révision bbc93ede: Add ceph related rules
- Signed-off-by: Dan van der Ster <daniel.vanderster@cern.ch>
- 03:09 Révision 03d9e7da: New parameter noflush_tables to selectivly skip flush
- Introduces a new structured fact nftables
```yaml
nftables:
tables:
- inet-filter
- ip-nat
- ip6-nat
...
2020-11-30
- 07:21 Révision 9fe75e32: Merge pull request #30 from traylenator/slc
- Scientific Linux 8 will never exist
- 05:27 Révision 2ccf856b: Scientific Linux 8 will never exist
- As per
https://listserv.fnal.gov/scripts/wa.exe?A2=ind1904&L=SCIENTIFIC-LINUX-ANNOUNCE&P=78
2020-11-29
- 13:22 Révision 72aad4a2: Merge pull request #28 from traylenator/simplify
- Do not test nftables::rules repeatadly
- 13:18 Révision 902ceaac: Merge pull request #22 from cernops/log_limit
- Set a customisable rate limit to the logging rules
2020-11-27
- 06:07 Révision d5a61536: Merge pull request #26 from cernops/hiera_sets
- Allow sourcing sets from Hiera
- 06:06 Révision 6b80ac21: Merge pull request #27 from traylenator/reference
- Refresh REFERENCE
- 05:21 Révision 300b7382: Do not test nftables::rules repeatadly
- Rather than testing the contents of nftable::rules just test
that nftables::rules instance is correct.
The existing ... - 04:01 Révision 7f6cacc5: Refresh REFERENCE
- 03:35 Révision 802d80d1: Allow sourcing sets from Hiera
2020-11-26
- 16:09 Révision 7395300c: Merge pull request #25 from cernops/no_nat
- Allow disabling default NAT tables and chains
- 15:39 Révision 82d10659: Allow disabling default NAT tables and chains
- 15:07 Révision bd549474: Merge pull request #10 from traylenator/reload
- Reload rules atomically and verify rules before deploy
- 05:19 Révision 30462da1: Reload rules atomically
- Background: The unit file for nftables on CentOS 8 contains:
```
ExecStart=/sbin/nft -f /etc/sysconfig/nftables.conf...
2020-11-24
- 10:37 Révision b10c6216: Set a customisable rate limit to the logging rules
- 07:53 Révision 92461926: Merge pull request #16 from cernops/icmp
- Move ICMP stuff to separate classes allowing better customisation
- 07:51 Révision 587e522e: Merge pull request #20 from cernops/firewalld_mask
- Make masking Service['firewalld'] optional
- 04:17 Révision ae9872e2: Make masking Service['firewalld'] configurable
2020-11-21
2020-11-20
- 10:52 Révision def3893c: Merge pull request #15 from traylenator/fixtests
- Correct bad merge
- 03:52 Révision 8b97e6a3: Correct bad merge
- There was a bad merge between
* https://github.com/duritong/puppet-nftables/pull/13
* https://github.com/duritong/pu...
Formats disponibles : Atom