Add nftables rules for ws-discovery
Add rule for incoming SSDP
Add rule for incoming LLMNR
Add rule for outgoing multicast DNS
Add rule for multicast listener requests (MLDv2)
Add rules for IGMP
Add rule to allow multicast DNS
Add rule to allow incoming spotify broadcast
Add rule to allow incoming multicast traffic
add ldap and active directory rules
Merge pull request #149 from hugendudel/netdev_support
Allow netdev as table family in defined type nftables::chain
Add acceptance test covering tables of type netdev
Add class for outgoing HKP firewalling
New nftables::file type to include raw file
For example:
```puppet
nftables::file { 'geoip':
  content => "include \"/files/geoipsets/dbip/*.ipv4\"\n",
}
```
will write a file or content into the nftables configuration.
The file written will be included in configuration....
Add rule to allow outgoing whois queries
Add class for outgoing PXP connections
Add class for pxp-agent firewalling
Add Debian support
make path to `nft` binary configurable
Add support for Arch Linux
Arch Linux stores the configuration in a different path and does not provide firewalld without explicit installation.
This is basically the same as #66 – I've reused their code since it hasn't been merged in a while.
rubocop - RSpec/RepeatedExampleGroupBody
rubocop:auto_correct results
support a different table name for 'nat'
- Some applications (such as libvirt) still use iptables to inject firewall rules
- iptables will refuse to update tables that were initially created with nft
- This commit allows defining the name of the 'nat' table in order to avoid...
Allow declaring the same set in several tables
Closes #100
Allow creating a totally empty firewall
By setting `nftables::inet_filter` and `nftables::nat` to `false` users can now start off from a totally empty firewall and add the tables, chains and rules they'd like.
The default skeleton for inet-filter, ip-nat and ip6-nat is kept...
Rely on puppet 6 calling daemon-reload
Since Puppet 6 there is now no need to explicitly call `systemctl daemon-reload`.
Add rules for QEMU/libvirt guests
Add Docker-CE default rules
Add rules for Apache ActiveMQ
add some mail related outgoing rules
Added to tests
switch naming to puppetserver
test that all classes can be included
test that bad configuration leaves service running
Remove duplicate flush on reload
When nftables was reloaded a flush was being done both in the systemd reload call and in the nft script itself.
Add basic configuration validation acceptance test (#38)
It is not possible to start the nftables service within docker so the service is altered to only validate the service configuration resulting from concat constructed files and nft inclusions.