rules::out::ospf3: Allow filtering on outgoing interfaces
Merge pull request #233 from voxpupuli/mdns
rules::out::mdns & rules::mdns: Allow interface filtering
rules::mdns: Allow interface filtering
rules::out::mdns: Allow interface filtering
[blacksmith] Bump version to 3.7.2-rc0
Merge pull request #232 from voxpupuli/rel371
Release 3.7.1
Merge pull request #231 from voxpupuli/icmp
rules::icmp: Allow ICMP packets with extensions
Merge pull request #230 from voxpupuli/icmp
out::icmp: simplify filtering/fix ICMP bug
out::icmp: Add parameter documentation
out::icmp: reformat code
[blacksmith] Bump version to 3.7.1-rc0
Merge pull request #229 from voxpupuli/rel370
Release 3.7.0
Merge pull request #228 from voxpupuli/foo
simplerule: Allow multiple oifname/iifname
[blacksmith] Bump version to 3.6.1-rc0
Merge pull request #226 from bastelfreak/rel360
Release 3.6.0
Merge pull request #225 from voxpupuli/nftables
Make "dropping invalid packets" configurable
It doesn't make sense to explicitly drop those packets when the default policy is already `DROP`. Also some applications, like ceph, are known to send packets that might be marked as invalid.
Merge pull request #224 from voxpupuli/nftables
simplerule: Add support for outgoing interface filtering
Merge pull request #222 from bastelfreak/refactor
rules::out:dns: refactor for better readability
Merge pull request #221 from voxpupuli/nftables
simplerule: Add support for incoming interface filtering
Merge pull request #220 from voxpupuli/modulesync
modulesync 7.2.0
Regenerate REFERENCE.md
Merge pull request #219 from Tamerz/document-set-param
Document what the 'auto_merge' set parameter does.
Document what the 'auto_merge' parameter does.
Merge pull request #218 from voxpupuli/modulesync
modulesync 7.1.0
[blacksmith] Bump version to 3.5.1-rc0
Merge pull request #216 from traylenator/release-3.4.1
Release 3.5.0
Merge pull request #215 from traylenator/dnsiface
Support input interface specification to dns server
Useful when you want to allow docker/podman containers access to a host's dns stub resolver.
```puppet
class { 'nftables::rules::dns':
  iifname => ['docker0'],
}
```
Merge pull request #189 from tskirvin/master
nftables::simplerule::dport - takes port ranges as part of the array
Merge pull request #214 from traylenator/podman
Additional rules for podman root containers
Merge pull request #183 from traylenator/redirect
Example how to redirect one port to another
Add example how to redirect traffic from one port to another.
This class defines additional forwarding rules to let root containers reach external networks when using Netavark (since v4.0) or CNI (deprecated). At the time of writing, Podman supports automatic configuration...
[blacksmith] Bump version to 3.4.1-rc0
Merge pull request #212 from bastelfreak/rel340
Release 3.4.0
Merge pull request #213 from vchepkov/systemd
allow puppet/systemd v6
Merge pull request #211 from bastelfreak/debian12
Add Debian 12 support
Merge pull request #208 from vchepkov/ftp
add ftp helper
This adds ability to enable a connection tracker helper and provides typical ftp rules
Co-authored-by: Vadym Chepkov <vchepkov@gmail.com>
Co-authored-by: Yury Bushmelev <jay4mail@gmail.com>
trying out a spec to mix port arrays and ranges
spec update to confirm that port ranges work
Merge branch 'voxpupuli:master' into master
Merge pull request #209 from vchepkov/rejects
provide an option to disable logging rejected packets
[blacksmith] Bump version to 3.3.1-rc0
Merge pull request #205 from bastelfreak/rel330
Release 3.3.0
Merge pull request #204 from voxpupuli/netbios
samba: Add option to drop traffic
Merge pull request #203 from voxpupuli/wsd
Add nftables rules for ws-discovery
Merge pull request #202 from voxpupuli/ssdp
Add rule for incoming SSDP
Merge pull request #201 from voxpupuli/llmnr
Add rule for incoming LLMNR
init.pp: disable check_unsafe_interpolations
Merge branch 'master' into master
[blacksmith] Bump version to 3.2.1-rc0
Merge pull request #200 from bastelfreak/rel320
Release 3.2.0
Merge pull request #199 from bastelfreak/omcast
Add rule for outgoing multicast DNS
Merge pull request #198 from bastelfreak/mlds
Add rule for multicast listener requests (MLDv2)
Merge pull request #197 from ekohl/mdns-v6
Rewrite mdns rules to limit to multicast and allow IPv6
This limits the mdns listener to only listen on multicast addresses with port 5353. One rule for IPv4 and one for IPv6, each controllable with a parameter.
The generic 5353 to 5353 rule is dropped since it's redundant when I...
Merge pull request #195 from voxpupuli/modulesync
modulesync 7.0.0
REFERENCE.md changes to match
Merge pull request #194 from bastelfreak/multicast
Add rules for IGMP
Merge pull request #193 from bastelfreak/mdns
mDNS: Allow udp port 5353
Merge pull request #191 from bastelfreak/multicast
Add rule to allow multicast DNS
Merge pull request #192 from bastelfreak/spot
Add rule to allow incoming spotify broadcast
Merge pull request #190 from bastelfreak/multicast
Add rule to allow incoming multicast traffic
addresses issue 188
Merge pull request #187 from javier-angulo/fix/184
change parameters order: required before optional