
root / files @ 1d331291

# Date Author Comment
baad986e 2023-11-16 19:10 Vadym Chepkov

add ftp helper

This adds ability to enable a connection tracker helper and provides typical ftp rules

Co-authored-by: Vadym Chepkov <>
Co-authored-by: Yury Bushmelev <>

0c9bc308 2022-02-27 11:05 hashworks

Add support for Arch Linux

Arch Linux stores the configuration in a different path and does not
provide firewalld without explicit installation.

This is basically the same as #66 – I've reused their code since it hasn't
been merged in a while.

9de35746 2022-02-27 10:49 hashworks

Ensure that nftables.service remains active after it exits

Some system-packages don't include it in the service-file and we expect
it. See #124.

1a4f336e 2021-02-11 16:42 Gabriel Filion

start declaring the 'global' chain with module resources

the 'global' chain is a vestigial piece of early development on this
module, but it can be useful for creating fast short-circuits like
blocking traffic that matches a certain set of IPs.

in the current state we can't inject rules inside the 'global' chain...

fcb1d356 2020-12-10 02:23 Nacho Barrientos

Auto fill simple table configuration

ce22630b 2020-12-09 05:37 Steve Traylen

Remove duplicate flush on reload

When nftables was reloaded a flush was being done both in the systemd
reload call and in the nft script itself.

03d9e7da 2020-12-01 03:09 Steve Traylen

New parameter noflush_tables to selectively skip flush

Introduces a new structured fact nftables

```yaml
nftables:
  tables:
    - inet-filter
    - ip-nat
    - ip6-nat
    - inet-f2b-table
```

By default the nft script will continue to contain `nft flush ruleset`...

82d10659 2020-11-26 15:39 Nacho Barrientos

Allow disabling default NAT tables and chains

30462da1 2020-11-26 05:19 Steve Traylen

Reload rules atomically

Background: The unit file for nftables on CentOS 8 contains:

```
ExecStart=/sbin/nft -f /etc/sysconfig/nftables.conf
ExecReload=/sbin/nft 'flush ruleset; include "/etc/sysconfig/nftables.conf";'
ExecStop=/sbin/nft flush ruleset
```
...

79e9a23f 2020-11-21 03:10 Nacho Barrientos

Move ICMP stuff to separate classes

ea96d5db 2020-11-19 10:15 Nacho Barrientos

Move ct rules from global to INPUT and OUTPUT

e4c32222 2020-11-13 09:55 Nacho Barrientos

Use concat for table conf generation

This way other components of the module will be able to add extra stuff
to the table definitions like sets.

e105f149 2020-10-28 14:50 tr

Include table ip6 nat

248ef9d5 2020-10-28 14:40 tr

Add basic ip6 nat chains

66b1a7a9 2020-10-25 10:05 tr

Allow ICMPv6 Router Advertisement packets

9adf6851 2020-08-30 08:47 tr

Add mld-listener-done to the list of allowed icmpv6 types

b01596ea 2020-08-30 08:46 tr

Rename file filter to inet-filter

38a67c59 2020-08-30 05:45 tr

Rewrite ip-nat to concat

5df9303f 2020-08-30 05:24 tr

Replace filter with inet-filter

8efbdf9a 2020-08-29 19:05 tr

Refactoring

5933ab8e 2020-08-29 10:14 tr

Set NAT only for IPv4

a6064b9f 2020-08-29 10:05 tr

Remove whitespaces

15aaf3c5 2020-08-29 10:00 tr

Allow only specific icmp types

  • Rate limit the echo-requests
  • Allow icmp types (w/o rate limit) which are protocol relevant

0ba57c66 2020-08-29 05:50 mh

initial release