puppet nftables

Add ruleset for a Nomad cluster

Nomad clusters typically have single public API
port as well as rpc and serf ports for inter cluster
communication.

Example:

```puppet
class{ 'nftables::rules::nomad':
cluster_elements = [
'10.0.0.1','10.0.0.2',
'::1', '::2'',...

Merge pull request #274 from voxpupuli/release-prep

Release 4.2.0

[blacksmith] Bump version to 6.2.1-rc0

Release 6.2.0

Add firewall rule for incoming rsync requests

Merge pull request #271 from voxpupuli/release-prep

Release 4.1.0

Merge pull request #270 from bastelfreak/ubuntu24

Add Ubuntu 24.04 support

Merge pull request #260 from SimonHoenscheid/icinga2_out

add icinga2 rule for outgoing traffic

Merge pull request #266 from voxpupuli/puppet-systemd-9

Allow puppet-systemd 8.x

Merge pull request #269 from traylenator/netbase

Install netbase for /etc/services on Ubuntu 20.04

Revert "Install netbase for /etc/services file"

This reverts commit 25528bfc63df27900cc2f91ef32bd4ccddef7382.

Drop Puppet 7 testing

Puppet 7 requires legacy facts, which we don't have available anymore.
Also Puppet 7 is EoL soon. Technically the module works on Puppet 7,
just unit tests fail.

set service provider to systemd in unit tests

modulesync 9.4.0

Switch unit tests to CERN runner

modulesync 9.1.0

Merge pull request #261 from SimonHoenscheid/developer_docs

feat: add development documentation

feat: add development documentation

README: fix indentation

Code formatting

Merge pull request #255 from bastelfreak/rel400

Release 4.0.0

Merge pull request #252 from phaedriel/addr_array

Add support Arrays of source/destination IP addresses for nftables::simplerule

manage spec_helper.rb

Merge pull request #253 from canihavethisone/master

Reload nftables service if hash at last service load does not match

Regenerate reference

Added shell provider to execs. Hash generate now in array. Ran rubocop:autocorrect

Changed path to use fact. Partial conversion of execs to arrays

Fix typos

Added purge_unmanaged_rules new variant of method

Add variant array

Merge pull request #243 from voxpupuli/modulesync

modulesync 9.0.0

modulesync 8.0.1

Run default destroying acceptance tests at end

The spec test destroy_spec was purging default nftables configurations
before other existing tests had a chance to run.

Run the default destroying tests as the final test.

New clobber_default_config paramter

Certain OSes namely Debian and Archlinux provide default rules
with the OS.

This module has always respected those rules and appended all of
its own rules to the end of the existing rules.

The new parameter `clobber_default_config` if set `true` (default `false`)...

Accept on Debian 11 nftables::set will fail

On Debian 11 adding an nftables set triggers a bug:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063690

move the `nftables::set` tests out to their own test which makes sense
anyway and mark as pending for Debian 11.

Drop EOL CentOS 8 support

Merge pull request #242 from voxpupuli/systemd_update

update puppet-systemd upper bound to 8.0.0

modulesync 7.5.0

Merge pull request #238 from voxpupuli/modulesync

modulesync 7.3.0

Merge pull request #235 from voxpupuli/ospf

rules::llmnr: Allow interface filtering

Merge pull request #234 from voxpupuli/ospf

rules::ospf3 & rules::out::ospf3: Allow filtering on outgoing interfaces

rules::out::ospf3: Allow filtering on outgoing interfaces

rules::mdns: Allow interface filtering

[blacksmith] Bump version to 3.7.2-rc0

Release 3.7.1

rules::icmp: Allow ICMP packets with extensions

out::icmp: simplify filtering/fix ICMP bug

out::icmp: reformat code

Merge pull request #229 from voxpupuli/rel370

Release 3.7.0

Merge pull request #228 from voxpupuli/foo

simplerule: Allow multiple oifname/iifname