Move ICMP stuff to separate classes
Move ct rules from global to INPUT and OUTPUT
Allow tables to add comments to $log_prefix
Add a parameter to control the fate of discarded packets
Allow customising the log prefix
migrate create_resource to the generic loop over hash approach
create_resource is notorious for not providing exact line/file info when something fails. Since in puppet you can now loop over hashes and you have the splat assignment operator. This means you get much...
Allow to inject custom rules
New parameter out_all, default false
In order to allow all outbound traffic a parameter is added to enable a simple `allow` entry on the out chain.
Default is false so backwards compatible.
If true all the other out_bound rules (ntp, ...) will be disabled...
Stop and mask firewalld service
Split init class
Use default
Rewrite ip-nat to concat
Replace filter with inet-filter
Refactoring
Write some spec tests for init class
Linting
Set NAT only for IPv4
Remove out rule ntp
Duplicate to chrony, but chrony allows every sport (which is required by chrony).
Allow http by default
CentOS mirrors are only available over http.
Apply a base firewall
Allow all services to install updates and manage the node.
initial release