Projet

Général

Profil

Paste
Télécharger au format
Statistiques
| Branche: | Révision:

root / spec / classes / nftables_spec.rb @ c8683bd8

Historique | Voir | Annoter | Télécharger (6,65 ko)

# Date Auteur Commentaire
c8683bd8 2021-01-18 16:21 Kienan Stewart

Revert "Use symbols for both lookups in os_facts"

This reverts commit 0877a8fd3646130f06b29e581a1ed2f990394094.

My initial tests were too hasty. `os_facts[:os][:family]` returns
an empty string. The original formulation was correct.
0877a8fd 2021-01-18 14:44 Kienan Stewart

Use symbols for both lookups in os_facts

The access does work this way and it seems preferable to be
consistent. The access using `os_facts['os']` does not work.
96705735 2021-01-18 14:00 Kienan Stewart

Add test cases for Debian
ce22630b 2020-12-09 05:37 Steve Traylen

Remove duplicate flush on reload

When nftables was reloaded a flush was being done both in the systemd
reload call and in the nft script itself.
7e5b657a 2020-12-08 11:49 Steve Traylen

rubocop:auto_correct fixes
03d9e7da 2020-12-01 03:09 Steve Traylen

New parameter noflush_tables to selectivly skip flush

Introduces a new structured fact nftables

```yaml
nftables:
tables:
- inet-filter
- ip-nat
- ip6-nat
- inet-f2b-table
```

By default the nft script will continue to contain `nft flush ruleset`...
802d80d1 2020-11-27 03:35 Nacho Barrientos

Allow sourcing sets from Hiera
82d10659 2020-11-26 15:39 Nacho Barrientos

Allow disabling default NAT tables and chains
30462da1 2020-11-26 05:19 Steve Traylen

Reload rules atomically

Background: The unit file for nftables on CentOS 8 contains:

```
ExecStart=/sbin/nft -f /etc/sysconfig/nftables.conf
ExecReload=/sbin/nft 'flush ruleset; include "/etc/sysconfig/nftables.conf";'
ExecStop=/sbin/nft flush ruleset
```...
ae9872e2 2020-11-24 04:17 Nacho Barrientos

Make masking Service['firewalld'] configurable
61f03b47 2020-11-19 09:19 Steve Traylen

Switch $order$fragmenta/b to $order-$fragment-a/b
e53053ce 2020-11-19 08:31 Steve Traylen

Add comments for all the nftable::rules entries

For each nftable::rule this adds an extra concat fragment to
add a comment containing the name and order number for the rule.

The motivation here is to make the mapping from resulting rules back
to puppet code more obvious. When adding a new rule it should be more...
b3a7a6dd 2020-10-23 13:46 tr

Allow to inject custom rules
b171ac7f 2020-10-20 12:55 mh

fix offenses
e17693e3 2020-10-20 08:29 Steve Traylen

New parameter out_all, default false

In order to allow all outbound traffic a parameter is
added to enable a simple `allow` entry on the out chain.

Default is false so backwards compatible.

If true all the other out_bound rules (ntp, ...) will be disabled...
01d8a819 2020-10-16 10:29 tr

Styling to make tests green
f02562f2 2020-08-30 07:18 tr

Stop and mask firewalld service
5acb554a 2020-08-29 12:06 tr

Write some spec tests for init class
64134e4e 2020-08-29 11:17 tr

Add spec tests it should compile