
root / spec / classes / nftables_spec.rb @ 7937a13b

History (8.69 KB)

# Date Author Comment
008c95d7 2022-07-06 02:31 Kienan Stewart

Add Debian support

cc9fc807 2022-07-05 12:04 Tim Meusel

systemctl: Use relative path

8842a597 2022-07-05 08:23 Tim Meusel

make path to `nft` binary configurable

0c9bc308 2022-02-27 11:05 hashworks

Add support for Arch Linux

Arch Linux stores the configuration in a different path and does not
provide firewalld without explicit installation.

This is basically the same as #66 – I've reused their code since it hasn't
been merged in a while.

c82b960a 2021-12-16 08:55 Steve Traylen

rubocop:auto_correct results

fa92e118 2021-09-17 21:35 Romain Tartière

Pet rubocop

7b9d6ffc 2021-05-31 04:42 Nacho Barrientos

Allow creating a totally empty firewall

By setting `nftables::inet_filter` and `nftables::nat` to `false`
users can now start off from a totally empty firewall and add the
tables, chains and rules they'd like.

The default skeleton for inet-filter, ip-nat and ip6-nat is kept...

92e0fcb6 2021-03-02 08:31 duritong

fix #74 - ensure tables are initialized before flushing them (#75)

ce22630b 2020-12-09 05:37 Steve Traylen

Remove duplicate flush on reload

When nftables was reloaded a flush was being done both in the systemd
reload call and in the nft script itself.

7e5b657a 2020-12-08 11:49 Steve Traylen

rubocop:auto_correct fixes

03d9e7da 2020-12-01 03:09 Steve Traylen

New parameter noflush_tables to selectively skip flush

Introduces a new structured fact nftables

```yaml
nftables:
  tables:
    - inet-filter
    - ip-nat
    - ip6-nat
    - inet-f2b-table
```

By default the nft script will continue to contain `nft flush ruleset`...

802d80d1 2020-11-27 03:35 Nacho Barrientos

Allow sourcing sets from Hiera

82d10659 2020-11-26 15:39 Nacho Barrientos

Allow disabling default NAT tables and chains

30462da1 2020-11-26 05:19 Steve Traylen

Reload rules atomically

Background: The unit file for nftables on CentOS 8 contains:

```
ExecStart=/sbin/nft -f /etc/sysconfig/nftables.conf
ExecReload=/sbin/nft 'flush ruleset; include "/etc/sysconfig/nftables.conf";'
ExecStop=/sbin/nft flush ruleset
```...

ae9872e2 2020-11-24 04:17 Nacho Barrientos

Make masking Service['firewalld'] configurable

61f03b47 2020-11-19 09:19 Steve Traylen

Switch $order$fragmenta/b to $order-$fragment-a/b

e53053ce 2020-11-19 08:31 Steve Traylen

Add comments for all the nftable::rules entries

For each nftable::rule this adds an extra concat fragment to
add a comment containing the name and order number for the rule.

The motivation here is to make the mapping from resulting rules back
to puppet code more obvious. When adding a new rule it should be more...

b3a7a6dd 2020-10-23 13:46 tr

Allow to inject custom rules

b171ac7f 2020-10-20 12:55 mh

fix offenses

e17693e3 2020-10-20 08:29 Steve Traylen

New parameter out_all, default false

In order to allow all outbound traffic a parameter is
added to enable a simple `allow` entry on the out chain.

Default is false, so it is backwards compatible.

If true all the other out_bound rules (ntp, ...) will be disabled...

01d8a819 2020-10-16 10:29 tr

Styling to make tests green

f02562f2 2020-08-30 07:18 tr

Stop and mask firewalld service

5acb554a 2020-08-29 12:06 tr

Write some spec tests for init class

64134e4e 2020-08-29 11:17 tr

Add spec tests it should compile