New clobber_default_config parameter
Certain OSes, namely Debian and Archlinux, provide default rules with the OS.
This module has always respected those rules and appended all of its own rules to the end of the existing rules.
The new parameter `clobber_default_config` if set `true` (default `false`)...
Add acceptance test covering tables of type netdev
Add Debian support
make path to `nft` binary configurable
Add support for Arch Linux
Arch Linux stores the configuration in a different path and does not provide firewalld without explicit installation.
This is basically the same as #66 – I've reused their code since it hasn't been merged in a while.
rubocop - RSpec/RepeatedExampleGroupBody
rubocop:auto_correct results
support a different table name for 'nat'
- Some applications (such as libvirt) still use iptables to inject firewall rules
- iptables will refuse to update tables that were initially created with nft
- This commit allows defining the name of the 'nat' table in order to avoid...
Allow creating a totally empty firewall
By setting `nftables::inet_filter` and `nftables::nat` to `false` users can now start off from a totally empty firewall and add the tables, chains and rules they'd like.
The default skeleton for inet-filter, ip-nat and ip6-nat is kept...
Rely on puppet 6 calling daemon-reload
Since Puppet 6 there is now no need to explicitly call `systemctl daemon-reload`.
test that bad configuration leaves service running
Remove duplicate flush on reload
When nftables was reloaded a flush was being done both in the systemd reload call and in the nft script itself.
Add basic configuration validation acceptance test (#38)
It is not possible to start the nftables service within docker so the service is altered to only validate the service configuration resulting from concat constructed files and nft inclusions.