Projet

Général

Profil

Paste
Télécharger au format
Statistiques
| Branche: | Révision:

root / spec / classes / rules @ a528bf59

# Date Auteur Commentaire
1ef7d5c4 2023-12-31 08:42 Tim Meusel

rules::llmnr: Allow interface filtering
3e2b5119 2023-12-31 08:11 Tim Meusel

rules::ospf3: Allow filtering on incoming interfaces
925c358d 2023-12-31 08:11 Tim Meusel

rules::out::ospf3: Allow filtering on outgoing interfaces
4c3d5d6b 2023-12-31 07:57 Tim Meusel

rules::mdns: Allow interface filtering
51850192 2023-12-31 07:57 Tim Meusel

rules::out::mdns: Allow interface filtering
8cdd24a5 2023-12-29 10:23 Tim Meusel

rules::icmp: Allow ICMP packets with extensions
9d1ee648 2023-12-20 04:41 Tim Meusel

rules::out:dns: refactor for better readability
67cdcf15 2023-11-24 02:52 Steve Traylen

Support input interface specification to dns server

Useful when you want to allow docker/podman containers
access to a hosts dns stub resolver.

```puppet
class{'nftables::rules::dns':
iifname => ['docker0'],
}
```
08b9f1d0 2023-11-22 03:53 Steve Traylen

Additional rules for podman root containers

This class defines additional forwarding rules to let root containers
reach external networks when using Netavark (since v4.0) or CNI (deprecated).
At the time of writing, Podman supports automatic configuration...
baad986e 2023-11-16 19:10 Vadym Chepkov

add ftp helper

This adds ability to enable a connection tracker helper and provides typical ftp rules

Co-authored-by: Vadym Chepkov <>
Co-authored-by: Yury Bushmelev <>
7937a13b 2022-07-11 04:18 Tim Meusel

chrony: Allow filtering for outgoing NTP servers
2b1896c1 2022-07-10 06:42 Tim Meusel

Add rule to allow outgoing whois queries
194e05d5 2022-07-07 08:53 Tim Meusel

Add class for outgoing PXP connections
7f74df2e 2022-07-07 08:10 Tim Meusel

Add class for pxp-agent firewalling
c82b960a 2021-12-16 08:55 Steve Traylen

rubocop:auto_correct results
fa92e118 2021-09-17 21:35 Romain Tartière

Pet rubocop
fcb79d73 2021-09-07 05:37 Ben Morrice

support a different table name for 'nat'
- Some applications (such as libvirt) still use iptables to inject firewall
rules
- iptables will refuse to update tables that were initially created with nft
- This commit allows defining the name of the 'nat' table in order to avoid...
cd2a3cbf 2021-03-25 03:30 Nacho Barrientos

Add rules for QEMU/libvirt guests
1bf717d9 2021-03-23 08:34 Luis Fernández Álvarez

Add optional handling of chains
b61ccb4a 2021-03-19 09:04 Luis Fernández Álvarez

Fix rulename spec in spec
283e1c3c 2021-03-19 08:56 Luis Fernández Álvarez

Fix syntax
c3515492 2021-03-19 08:48 Luis Fernández Álvarez

Add newline & more tests
6be2adf7 2021-03-19 07:12 Luis Fernández Álvarez

Add Docker-CE default rules
771b3256 2021-03-15 09:59 Nacho Barrientos

Add rules for Apache ActiveMQ
19908f41 2021-01-18 14:07 mh

add some mail related outgoing rules
e743f82e 2021-01-18 08:35 Giuseppe Lo Presti

Made ctdb rule parameterized
1ee2f66b 2021-01-18 06:25 Giuseppe Lo Presti

Added to tests
94a80621 2020-12-14 05:07 Steve Traylen

Use Stdlib::Port everywhere in place of Integer

Use Stdlib::Port in place of Integer for ports

Fixes #37
04176b0e 2020-12-13 16:52 mh

switch naming to puppetserver
2075a727 2020-12-10 09:21 Steve Traylen

Correct NFS udp and tcp port matching

There was a missing `th` from rule which from the examples in the man
page is meant to be there.

Cannot find the docs for what `th` does.
d0c972c3 2020-12-02 05:37 Dan van der Ster

Test NFS rules

Signed-off-by: Dan van der Ster <>
f4e9e995 2020-12-02 05:37 Dan van der Ster

Test ceph rules

Signed-off-by: Dan van der Ster <>
79e9a23f 2020-11-21 03:10 Nacho Barrientos

Move ICMP stuff to separate classes
215aee13 2020-11-18 07:18 Steve Traylen

Add kerberos out and openafs_client out
f3f2870f 2020-11-18 07:18 Steve Traylen

Add rules for afs3_callback

In particular the afs callback to the cache manager(7001) which is UDP and always
IPv4 since there OpenAFS does not support IPv6.

https://wiki.openafs.org/devel/AFSServicePorts/