
root / manifests / init.pp @ 948ebc98


# Date Author Comment
f0bd8791 2020-12-09 10:58 duritong

Merge pull request #34 from traylenator/dedupe_flush

Remove duplicate flush on reload

b9785000 2020-12-09 09:42 Steve Traylen

Correct layout of ignore chain example

ce22630b 2020-12-09 05:37 Steve Traylen

Remove duplicate flush on reload

When nftables was reloaded a flush was being done both in the systemd
reload call and in the nft script itself.

c4b1b93b 2020-12-08 07:58 Steve Traylen

Comment why firewalld_enable parameter is required (#40)

31b17627 2020-12-07 11:18 Steve Traylen

Use single line for each parameter definition

11bf7237 2020-12-07 09:51 Steve Traylen

lint_fix results

e3c56ff6 2020-12-03 03:48 keachi

Merge pull request #29 from keachi/fwd_conntrack

Enable conntrack in FORWARD

24a5a2a7 2020-12-02 15:05 tr

Enable conntrack in FORWARD

03d9e7da 2020-12-01 03:09 Steve Traylen

New parameter noflush_tables to selectively skip flush

Introduces a new structured fact nftables

```yaml
nftables:
  tables:
    - inet-filter
    - ip-nat
    - ip6-nat
    - inet-f2b-table
```

By default the nft script will continue to contain `nft flush ruleset`...

902ceaac 2020-11-29 13:18 keachi

Merge pull request #22 from cernops/log_limit

Set a customisable rate limit to the logging rules

802d80d1 2020-11-27 03:35 Nacho Barrientos

Allow sourcing sets from Hiera

82d10659 2020-11-26 15:39 Nacho Barrientos

Allow disabling default NAT tables and chains

30462da1 2020-11-26 05:19 Steve Traylen

Reload rules atomically

Background: The unit file for nftables on CentOS 8 contains:

```
ExecStart=/sbin/nft -f /etc/sysconfig/nftables.conf
ExecReload=/sbin/nft 'flush ruleset; include "/etc/sysconfig/nftables.conf";'
ExecStop=/sbin/nft flush ruleset
```
...

b10c6216 2020-11-24 10:37 Nacho Barrientos

Set a customisable rate limit to the logging rules

92461926 2020-11-24 07:53 duritong

Merge pull request #16 from cernops/icmp

Move ICMP stuff to separate classes allowing better customisation

ae9872e2 2020-11-24 04:17 Nacho Barrientos

Make masking Service['firewalld'] configurable

79e9a23f 2020-11-21 03:10 Nacho Barrientos

Move ICMP stuff to separate classes

ea96d5db 2020-11-19 10:15 Nacho Barrientos

Move ct rules from global to INPUT and OUTPUT

ac0af4aa 2020-11-19 03:16 Nacho Barrientos

Allow tables to add comments to $log_prefix

70727742 2020-11-16 04:50 Nacho Barrientos

Add a parameter to control the fate of discarded packets

ed827383 2020-11-15 04:44 Nacho Barrientos

Allow customising the log prefix

66ed7f61 2020-10-26 02:15 mh

migrate create_resource to the generic loop over hash approach

create_resource is notorious for not providing exact line/file info
when something fails. Since in puppet you can now loop over hashes
and you have the splat assignment operator. This means you get much...

b3a7a6dd 2020-10-23 13:46 tr

Allow to inject custom rules

e17693e3 2020-10-20 08:29 Steve Traylen

New parameter out_all, default false

In order to allow all outbound traffic a parameter is
added to enable a simple `allow` entry on the out chain.

Default is false so backwards compatible.

If true all the other out_bound rules (ntp, ...) will be disabled...

f02562f2 2020-08-30 07:18 tr

Stop and mask firewalld service

c8092701 2020-08-30 06:17 tr

Split init class

c8894978 2020-08-30 06:09 tr

Use default

38a67c59 2020-08-30 05:45 tr

Rewrite ip-nat to concat

5df9303f 2020-08-30 05:24 tr

Replace filter with inet-filter

8efbdf9a 2020-08-29 19:05 tr

Refactoring

5acb554a 2020-08-29 12:06 tr

Write some spec tests for init class

e140adff 2020-08-29 10:46 tr

Linting

5933ab8e 2020-08-29 10:14 tr

Set NAT only for IPv4

188e569f 2020-08-29 09:14 tr

Remove out rule ntp

Duplicate to chrony, but chrony allows every sport (which is required by
chrony).

cd664666 2020-08-29 08:55 tr

Allow http by default

CentOS mirrors are only available over http.

be0b08e1 2020-08-29 08:28 tr

Apply a base firewall

Allow all services to install updates and manage the node.

0ba57c66 2020-08-29 05:50 mh

initial release