Projet

Général

Profil

Paste
Télécharger au format
Statistiques
| Branche: | Révision:

root / templates @ 80d9b434

# Date Auteur Commentaire
e846c98b 2023-12-27 06:02 Tim Meusel

simplerule: Allow multiple oifname/iifname
d7d6d5d3 2023-12-20 13:31 Tim Meusel

simplerule: Add support for outgoing interface filtering
25b3f3f4 2023-12-19 12:36 Tim Meusel

simplerule: Add support for incoming interface filtering
861169e5 2023-07-31 16:45 Javier Angulo

fix #184: Add unit string for timeout,gc-interval
331b8d85 2022-09-01 05:22 Steve Traylen

New nftables::file type to include raw file

For example:

```puppet
nftables::file{'geoip':
content => "include \"/files/geoipsets/dbip/*.ipv4\"\n",
}
```

will right a file or content into the nftables configuration.

The file written will be included in configuration....
8842a597 2022-07-05 08:23 Tim Meusel

make path to `nft` binary configureable
0c9bc308 2022-02-27 11:05 hashworks

Add support for Arch Linux

Arch Linux stores the configuration in a different path and does not
provide firewalld without explicit installation.

This basically the same as #66 – I've reused their code since it hasn't
been merged in a while.
fcb79d73 2021-09-07 05:37 Ben Morrice

support a different table name for 'nat'
- Some applications (such as libvirt) still use iptables to inject firewall
rules
- iptables will refuse to update tables that were initially created with nft
- This commit allows defining the name of the 'nat' table in order to avoid...
7b9d6ffc 2021-05-31 04:42 Nacho Barrientos

Allow creating a totally empty firewall

By setting `nftables::inet_filter` and `nftables::nat` to `false`
users can now start off from a totally empty firewall and add the
tables, chains and rules they'd like.

The default skeleton for inet-filter, ip-nat and ip6-nat is kept...
bd8baa0f 2021-04-26 12:27 Nacho Barrientos

Fix IPv4 source address type detection

Before this patch, a rule like this:

```
nftables::simplerule { 'foo':
action => 'accept',
dport => 443,
proto => 'tcp4',
saddr => '192.168.1.10',
}
```

would incorrectly generate this rule:...
92e0fcb6 2021-03-02 08:31 duritong

fix #74 - ensure table are initialized before flushing them (#75)
1d56f209 2021-01-27 06:45 Nacho Barrientos

Fix IP version filter for IPv6 traffic
42e7f3ea 2020-12-09 11:44 Nacho Barrientos

Relax type validation in template

It comes already validated from the calling class.
55277023 2020-12-09 11:44 Nacho Barrientos

Align template parameters
f1ef02c5 2020-12-09 11:44 Nacho Barrientos

Encapsulate addr-related exprs in Nftables::Addr
09b07e56 2020-12-09 11:44 Nacho Barrientos

Encapsulate port-related exprs in Nftables::Port
6739966c 2020-12-09 11:44 Nacho Barrientos

Sort template parameters alphabetically
3a469f2b 2020-12-09 11:44 Nacho Barrientos

Implement nftables::simplerule::saddr
77abc10b 2020-12-09 11:44 Nacho Barrientos

Implement nftables::simplerule::sport
6793d286 2020-12-09 11:44 Nacho Barrientos

Handle dport internally always as an array
d43ced4d 2020-12-09 11:44 Nacho Barrientos

Implement nftables:;simplerule::counter
aaa37172 2020-12-09 11:44 Nacho Barrientos

Implement nftables:;simplerule::daddr
316bc3f8 2020-12-09 11:44 Nacho Barrientos

Allow IPv4 and IPv6 only rules
3a52fb41 2020-12-09 11:44 Nacho Barrientos

Richer dport
83382bb5 2020-12-09 11:44 Nacho Barrientos

Add nftables::simplerule
ce22630b 2020-12-09 05:37 Steve Traylen

Remove duplicate flush on reload

When nftables was reloaded a flush was being done both in the systemd
reload call and in the nft script itself.
03d9e7da 2020-12-01 03:09 Steve Traylen

New parameter noflush_tables to selectivly skip flush

Introduces a new structured fact nftables

```yaml
nftables:
tables:
- inet-filter
- ip-nat
- ip6-nat
- inet-f2b-table
```

By default the nft script will continue to contain `nft flush ruleset`...
902ceaac 2020-11-29 13:18 keachi

Merge pull request #22 from cernops/log_limit

Set a customisable rate limit to the logging rules
82d10659 2020-11-26 15:39 Nacho Barrientos

Allow disabling default NAT tables and chains
b10c6216 2020-11-24 10:37 Nacho Barrientos

Set a customisable rate limit to the logging rules
20b96360 2020-11-13 09:57 Nacho Barrientos

Add support for named sets