Align filemode on RedHat to distro default
The RPM actually ships the configuration and directory with 0600/0700 while this module sets the mode to 0640/0750.
However, this has the drawback that on new nftables RPM versions, we are setting it back to the module's mode and triggering an nft...
rubocop -f RSpec/RepeatedExampleGroupDescription
rubocop:auto_correct results
Pet rubocop
support a different table name for 'nat'
- Some applications (such as libvirt) still use iptables to inject firewall rules
- iptables will refuse to update tables that were initially created with nft
- This commit allows defining the name of the 'nat' table in order to avoid...
Auto fill simple table configuration
Allow disabling default NAT tables and chains
Reload rules atomically
Background: The unit file for nftables on CentOS 8 contains:
```
ExecStart=/sbin/nft -f /etc/sysconfig/nftables.conf
ExecReload=/sbin/nft 'flush ruleset; include "/etc/sysconfig/nftables.conf";'
ExecStop=/sbin/nft flush ruleset
```
...
Switch $order$fragmenta/b to $order-$fragment-a/b
Add comments for all the nftable::rules entries
For each nftable::rule this adds an extra concat fragment to add a comment containing the name and order number for the rule.
The motivation here is to make the mapping from resulting rules back to puppet code more obvious. When adding a new rule it should be more...
Use concat for table conf generation
This way other components of the module will be able to add extra stuff to the table definitions like sets.
Add basic ip6 nat chains
Styling to make tests green
Add spec tests for ip nat chain policies
Fix nat hooks
Rename to snake cases