Add support for Arch Linux
Arch Linux stores the configuration in a different path and does not provide firewalld without explicit installation.
This is basically the same as #66 – I've reused their code since it hasn't been merged in a while.
rubocop - RSpec/RepeatedExampleGroupBody
rubocop:auto_correct results
support a different table name for 'nat'
- Some applications (such as libvirt) still use iptables to inject firewall rules
- iptables will refuse to update tables that were initially created with nft
- This commit allows defining the name of the 'nat' table in order to avoid...
Allow creating a totally empty firewall
By setting `nftables::inet_filter` and `nftables::nat` to `false` users can now start off from a totally empty firewall and add the tables, chains and rules they'd like.
The default skeleton for inet-filter, ip-nat and ip6-nat is kept...
Rely on puppet 6 calling daemon-reload
Since Puppet 6 now there is no need to explicitly call `systemctl daemon-reload`.
test that bad configuration leaves service running
Remove duplicate flush on reload
When nftables was reloaded a flush was being done both in the systemd reload call and in the nft script itself.
Add basic configuration validation acceptance test (#38)
It is not possible to start the nftables service within docker so the service is altered to only validate the service configuration resulting from concat constructed files and nft inclusions.