Add firewall rule for incoming rsync requests
add icinga2 rule for outgoing traffic
regenerate REFERENCE.md
Merge pull request #252 from phaedriel/addr_array
Add support Arrays of source/destination IP addresses for nftables::simplerule
Regenerate reference
Generated reference update
Add variant array
New clobber_default_config parameter
Certain OSes, namely Debian and Archlinux, provide default rules with the OS.
This module has always respected those rules and appended all of its own rules to the end of the existing rules.
The new parameter `clobber_default_config` if set `true` (default `false`)...
rules::llmnr: Allow interface filtering
rules::ospf3: Allow filtering on incoming interfaces
rules::out::ospf3: Allow filtering on outgoing interfaces
rules::mdns: Allow interface filtering
rules::out::mdns: Allow interface filtering
rules::icmp: Allow ICMP packets with extensions
out::icmp: Add parameter documentation
simplerule: Allow multiple oifname/iifname
Make "dropping invalid packets" configurable
It doesn't make sense to explicitly drop those packets when the default policy is already `DROP`. Also some applications, like ceph, are known to send packets that might be marked as invalid.
simplerule: Add support for outgoing interface filtering
rules::out:dns: refactor for better readability
simplerule: Add support for incoming interface filtering
Regenerate REFERENCE.md
Support input interface specification to dns server
Useful when you want to allow docker/podman containers access to a host's dns stub resolver.

```puppet
class { 'nftables::rules::dns':
  iifname => ['docker0'],
}
```
Merge pull request #189 from tskirvin/master
nftables::simplerule::dport - takes port ranges as part of the array
Merge pull request #214 from traylenator/podman
Additional rules for podman root containers
Example how to redirect one port to another
Add example how to redirect traffic from one port to another.
This class defines additional forwarding rules to let root containers reach external networks when using Netavark (since v4.0) or CNI (deprecated). At the time of writing, Podman supports automatic configuration...
add ftp helper
This adds ability to enable a connection tracker helper and provides typical ftp rules
Co-authored-by: Vadym Chepkov <vchepkov@gmail.com>
Co-authored-by: Yury Bushmelev <jay4mail@gmail.com>
Merge branch 'voxpupuli:master' into master
provide an option to disable logging rejected packets
samba: Add option to drop traffic
Add nftables rules for ws-discovery
Add rule for incoming SSDP
Add rule for incoming LLMNR
Merge branch 'master' into master
Add rule for outgoing multicast DNS
Add rule for multicast listener requests (MLDv2)
Rewrite mdns rules to limit to multicast and allow IPv6
This limits the mdns listener to only listen on multicast addresses with port 5353. One rule for IPv4 and one for IPv6, each controllable with a parameter.
The generic 5353 to 5353 rule is dropped since it's redundant when I...
REFERENCE.md changes to match
Add rules for IGMP
Add rule to allow multicast DNS
Add rule to allow incoming spotify broadcast
Add rule to allow incoming multicast traffic
add ldap and active directory rules
Refresh REFERENCE
Add bridge as a valid family for chain tables
Add class for outgoing HKP firewalling
New nftables::file type to include raw file
For example:
```puppet
nftables::file { 'geoip':
  content => "include \"/files/geoipsets/dbip/*.ipv4\"\n",
}
```

will write a file or content into the nftables configuration.
The file written will be included in configuration....
Release 2.5.0
chrony: Allow filtering for outgoing NTP servers
Add rule to allow outgoing whois queries
Add class for outgoing PXP connections
Add class for pxp-agent firewalling
Release 2.3.0
make path to `nft` binary configurable
Prepare release 2.2.0
Fix typos in initial reference examples
Prepare release 2.1.0
Allow declaring the same set in several tables
Closes #100
Allow creating a totally empty firewall
By setting `nftables::inet_filter` and `nftables::nat` to `false` users can now start off from a totally empty firewall and add the tables, chains and rules they'd like.
The default skeleton for inet-filter, ip-nat and ip6-nat is kept...
Prepare release 1.3.0
Add rules for QEMU/libvirt guests
Add rules for Apache ActiveMQ
Improve nftables::rule's documentation (#68)
add some mail related outgoing rules
Enable parameter_documentation lint
The linter checks that every parameter has been documented.
While corrections have been made to a great many classes some more complicated examples have been left for now. Should be updated as the files get touched.
https://github.com/domcleal/puppet-lint-param-docs
Pull up rule regexp to type aliases
Align simplerule and rule rulename requirements
Release 1.0.0 (#49)
Co-authored-by: duritong <peter.meier+github@immerda.ch>
Docs for nftables::set
Remove a blank separating the doc string and the code
Otherwise the generator of the docs does not do the job :/
Correct layout of ignore chain example
New parameter out_all, default false
In order to allow all outbound traffic a parameter is added to enable a simple `allow` entry on the out chain.
Default is false so backwards compatible.
If true all the other out_bound rules (ntp, ...) will be disabled...
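As an added illustration, not code from the module's repository or from any of the commit messages above, the following manifest combines several of the features these messages describe: keeping the distribution's default rules (`clobber_default_config` left at `false`, as in the "New clobber_default_config parameter" message), enabling `out_all` so the per-service outbound rules are no longer declared, and an `nftables::simplerule` with an array of source addresses, a port range inside the `dport` array, and an incoming-interface filter. The `action`, `proto` and `comment` parameters of `nftables::simplerule`, the placement of `clobber_default_config` and `out_all` on the main `nftables` class, and the `'8000-8010'` range syntax are assumed from the module's interface rather than shown on this page; `eth0` and the `10.0.0.0/8` and `192.168.1.0/24` networks are constructed sample values.

```puppet
# Added example manifest (not from the puppet-nftables repository).
# Parameter names on the main class are assumed to match the commit
# messages; the addresses and interface name are constructed samples.
class { 'nftables':
  # Append to the OS-provided rules instead of replacing them (the default).
  clobber_default_config => false,
  # One 'accept' entry on the out chain; the ntp/dns/... out rules are
  # then disabled, so review this against your egress policy.
  out_all                => true,
}

# Accept TCP 80, 443 and the 8000-8010 range from two internal networks,
# but only when the packet arrives on eth0. saddr is an array and dport
# carries a range string, as the simplerule commit messages describe.
nftables::simplerule { 'allow_web_internal':
  action  => 'accept',
  comment => 'HTTP/HTTPS and dev range from internal networks via eth0',
  proto   => 'tcp',
  dport   => [80, 443, '8000-8010'],
  saddr   => ['10.0.0.0/8', '192.168.1.0/24'],
  iifname => ['eth0'],
}
```

With `out_all => true` the module no longer declares its per-service outbound rules, so a host that previously relied on those narrower rules ends up with unrestricted egress; keep the default (`false`) where outbound filtering matters.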