Projet

Général

Profil

Paste
Télécharger au format
Statistiques
| Branche: | Révision:

root @ 9ef3491b

# Date Auteur Commentaire
9ef3491b 2024-11-19 11:28 grepfruit

Fix interface name in rules
255e1b3b 2024-11-18 12:37 grepfruit

Revert "Make sure the special characters in bridge names are properly escaped"

This reverts commit 6b7be24846144590d36f7288ba0c5397a1b7b0ac.
6b7be248 2024-11-18 10:13 grepfruit

Make sure the special characters in bridge names are properly escaped

This solves an issue with nftables giving a syntax error when the interface name contains ':'
b6b5925f 2024-11-13 15:24 mh

Fix problem with interfaces that contain :
5791cc12 2021-03-01 11:00 Kienan Stewart

Temporarily use /bin/ for systemctl and echo paths in Debian 10

Debian Buster has symlinks from usrmerge that resolve to /bin/X,
but systems upgraded from Stretch or earlier that haven't installed
usrmerge will not have anything in /usr/bin/X.

This should be removed once every installation we have has had...
4184db01 2021-02-22 18:09 Gabriel Filion

Merge remote-tracking branch 'upstream/master' into stretch_support
942569ea 2021-02-14 10:00 duritong

Merge pull request #73 from Koumbit/global_chain_not_hardcoded

start declaring the 'global' chain with module resources
cf38fe4a 2021-02-14 01:26 Gabriel Filion

create tests for presence of the "global" chain
1a4f336e 2021-02-11 16:42 Gabriel Filion

start declaring the 'global' chain with module resources

the 'global' chain is a vestigial piece of early development on this
module, but it can be useful for creating fast short-circuits like
blocking traffic that match a certain set of IPs.

in the current state we can't inject rules inside the 'global' chain...
ca0e9755 2021-01-29 06:59 Steve Traylen

Bump version to 1.1.2-rc0 (#72)

Manual MR due to travis_release being broken by necessity to approve.

https://github.com/voxpupuli/puppet-nftables/issues/61
bd0d7998 2021-01-29 03:10 Steve Traylen

Release 1.1.1 (#71)
0f100e5c 2021-01-28 06:06 Nacho Barrientos

Merge pull request #70 from cernops/issue69

Fix IP version filter for IPv6 traffic
14156fb6 2021-01-27 06:48 Nacho Barrientos

Add unit test
1d56f209 2021-01-27 06:45 Nacho Barrientos

Fix IP version filter for IPv6 traffic
13f26dfc 2021-01-26 07:17 Nacho Barrientos

Improve nftables::rule's documentation (#68)
863b9d93 2021-01-25 17:40 Kienan Stewart

Merge branch 'dev-debian_support' into stretch_support
f29ea029 2021-01-25 17:38 Kienan Stewart

Fix nftables::rules::out::nfs3 for nftables 0.9.0
df9a09bb 2021-01-25 16:33 Kienan Stewart

Fix nftables::rules::nfs3 syntax to work with nftables 0.9.0
7d44d49e 2021-01-25 10:19 Steve Traylen

[blacksmith] Bump version to 1.1.1-rc0
afc4dd16 2021-01-25 10:16 Steve Traylen

Release 1.1.0 (#67)
7c92861a 2021-01-21 11:47 Kienan Stewart

Fix rubocop style error
de7a904c 2021-01-19 17:34 Kienan Stewart

Move configuration_path default to module data
cb6f3584 2021-01-19 15:22 Kienan Stewart

Fix reloads on Debian Stretch

The paths for various binaries are slightly different
f307977a 2021-01-19 11:41 Kienan Stewart

Merge branch 'dev-debian_support' into stretch_support
7fe7a4aa 2021-01-19 11:38 Kienan Stewart

Rename nftables_configuration_path to configuration_path
db7f6aef 2021-01-19 11:27 Kienan Stewart

Remove commented code from spec_helper

It's not necessary, and will be removed the next time modulesync is run.
546de19c 2021-01-19 11:26 Kienan Stewart

Change configuration path form AbsolutePath to Unixpath
08f77750 2021-01-18 16:40 Kienan Stewart

Mark Debian 9 as supported
b4558e94 2021-01-18 16:35 Kienan Stewart

Use /usr/sbin for nft binary path in systemd service

/sbin in Debian Buster is a symbolic link to /usr/sbin; however,
in Debian Stretch it's a separate folder and the nft binary is
in /usr/sbin/nft. Note: this commit probably breaks support for
CentOS, but I'm not planning on requesting to merge this commit...
26cdcbbd 2021-01-18 16:35 Kienan Stewart

Support old-style facts for facter in Debian Stretch
f8c4097f 2021-01-18 16:31 Kienan Stewart

Fix Debian data defaults

The module name prefix was missing in the hieradata. I removed the modifications
to spec_helper.rb that made the tests work with the erroneous data.
c8683bd8 2021-01-18 16:21 Kienan Stewart

Revert "Use symbols for both lookups in os_facts"

This reverts commit 0877a8fd3646130f06b29e581a1ed2f990394094.

My initial tests were too hasty. `os_facts[:os][:family]` returns
an empty string. The original formulation was correct.
430c87b7 2021-01-18 15:37 Kienan Stewart

Load module data during spec tests

This allows tests that depend on the module data being loaded to pass.
0877a8fd 2021-01-18 14:44 Kienan Stewart

Use symbols for both lookups in os_facts

The access does work this way and it seems preferable to be
consistent. The access using `os_facts['os']` does not work.
cad7d4cd 2021-01-18 14:37 Tim Meusel

Merge pull request #60 from duritong/more_mail_client_rules

add some mail related outgoing rules
19908f41 2021-01-18 14:07 mh

add some mail related outgoing rules
19a87d6f 2021-01-18 14:00 Kienan Stewart

Add Debian as a supported OS
96705735 2021-01-18 14:00 Kienan Stewart

Add test cases for Debian
a86c6409 2021-01-18 14:00 Kienan Stewart

Convert puppet_nft systemd drop-in unit file to template
8d22a441 2021-01-18 14:00 Kienan Stewart

WIP: Start adding support for Debian
2827108d 2021-01-18 11:28 Tim Meusel

Merge pull request #63 from traylenator/badges

Add badges to README
e2031b31 2021-01-18 11:18 Tim Meusel

Merge pull request #64 from traylenator/params

Enable parameter_documentation lint
e977eb3b 2021-01-18 11:17 Tim Meusel

Merge pull request #62 from glpatcern/master

Added Samba in rules
09cba182 2021-01-18 10:36 Steve Traylen

Enable parameter_documentation lint

The linter checks that every parameter has been documented.

While corrections have been made to great many classes some more
complicated examples have been left for now. Should be updated
as the files get touched.

https://github.com/domcleal/puppet-lint-param-docs
354a82d9 2021-01-18 10:19 Giuseppe Lo Presti

Removed unneeded parentheses
82b6fd57 2021-01-18 09:43 Steve Traylen

Add badges to README
4470f70c 2021-01-18 09:36 Giuseppe Lo Presti

Updated docs

Co-authored-by: Nacho Barrientos <>
6587545a 2021-01-18 09:04 Nacho Barrientos

Merge pull request #53 from cernops/allrules_check

Check that all the predefined rules are declared in the all rules acceptance test
e743f82e 2021-01-18 08:35 Giuseppe Lo Presti

Made ctdb rule parameterized
c3f6e1ff 2021-01-18 08:07 Nacho Barrientos

Use a separate job file
3246b968 2021-01-18 08:00 Nacho Barrientos

Check that all rules are declared in the all rules acceptance test
beaf4ee3 2021-01-18 07:42 Nacho Barrientos

Merge pull request #59 from cernops/issue58

Align simplerule and rule rulename requirements
8c00b818 2021-01-18 07:37 Nacho Barrientos

Pull up rule regexp to type aliases
1ee2f66b 2021-01-18 06:25 Giuseppe Lo Presti

Added to tests
a6f61c62 2021-01-18 05:51 Giuseppe Lo Presti

Added Samba in rules
6a4ffead 2021-01-13 11:10 Nacho Barrientos

Align simplerule and rule rulename requirements
2bcfc1aa 2020-12-15 05:14 Steve Traylen

[blacksmith] Bump version to 1.0.1-rc0
bc1b0f1a 2020-12-15 05:07 Steve Traylen

Release 1.0.0 (#49)

  • Release 1.0.0

Co-authored-by: duritong <>
5d71ec69 2020-12-14 05:35 duritong

Merge pull request #56 from traylenator/ports

Use Stdlib::Port everywhere in place of Integer
94a80621 2020-12-14 05:07 Steve Traylen

Use Stdlib::Port everywhere in place of Integer

Use Stdlib::Port in place of Integer for ports

Fixes #37
b1085d8d 2020-12-14 03:46 Tim Meusel

Merge pull request #55 from traylenator/moredocs

Docs for nftables::set
c868cae3 2020-12-14 03:27 Tim Meusel

Update manifests/set.pp
13f4e4c6 2020-12-14 03:06 Steve Traylen

Docs for nftables::set
b3040dd8 2020-12-14 02:26 Steve Traylen

Merge pull request #42 from duritong/terminology

switch not the server naming
04176b0e 2020-12-13 16:52 mh

switch naming to puppetserver
38205751 2020-12-11 02:38 Nacho Barrientos

Merge pull request #47 from cernops/issue45

Prefix custom tables with custom- so they're loaded
948ebc98 2020-12-11 02:25 Nacho Barrientos

Prefix custom tables with custom- so they're loaded
bacf254e 2020-12-11 02:19 Nacho Barrientos

Merge pull request #48 from cernops/config_template

Several fixes for nftables::config
c2800a39 2020-12-10 15:21 duritong

Merge pull request #50 from traylenator/moretests

Correct nfs3 invalid udp /tcp matching rule and more tests
2075a727 2020-12-10 09:21 Steve Traylen

Correct NFS udp and tcp port matching

There was a missing `th` from rule which from the examples in the man
page is meant to be there.

Cannot find the docs for what `th` does.
cfcafde5 2020-12-10 09:20 Steve Traylen

test that all classes can be included
d8752442 2020-12-10 09:20 Steve Traylen

test that bad configuration leaves service running
cba0cb86 2020-12-10 09:20 Nacho Barrientos

Merge pull request #52 from cernops/simplerule_reference

Remove a blank separating the doc string and the code
b46c9ce9 2020-12-10 06:53 Nacho Barrientos

Remove a blank separating the doc string and the code

Otherwise the generator of the docs does not do the job :/
c7e37bdc 2020-12-10 06:14 Steve Traylen

Merge pull request #51 from bastelfreak/puppet7

Enable Puppet 7 support
e0be8190 2020-12-10 05:31 Tim Meusel

Enable Puppet 7 support
3fe51d68 2020-12-10 02:51 Nacho Barrientos

Merge pull request #33 from cernops/simplerule

Add nftables::simplerule
c5418fd3 2020-12-10 02:24 Nacho Barrientos

Validate table spec
04f5c035 2020-12-10 02:24 Nacho Barrientos

Fix context name (removes dup)
294a38ff 2020-12-10 02:23 Nacho Barrientos

Implement intended failure
fcb1d356 2020-12-10 02:23 Nacho Barrientos

Auto fill simple table configuration
4d63adda 2020-12-09 11:45 Nacho Barrientos

Refresh REFERENCE
42e7f3ea 2020-12-09 11:44 Nacho Barrientos

Relax type validation in template

It comes already validated from the calling class.
55277023 2020-12-09 11:44 Nacho Barrientos

Align template parameters
f1ef02c5 2020-12-09 11:44 Nacho Barrientos

Encapsulate addr-related exprs in Nftables::Addr
09b07e56 2020-12-09 11:44 Nacho Barrientos

Encapsulate port-related exprs in Nftables::Port
6739966c 2020-12-09 11:44 Nacho Barrientos

Sort template parameters alphabetically
3a469f2b 2020-12-09 11:44 Nacho Barrientos

Implement nftables::simplerule::saddr
abb04c95 2020-12-09 11:44 Nacho Barrientos

Mention nftables::simplerule in the README
5944b9cb 2020-12-09 11:44 Nacho Barrientos

Allow some other types of verdicts
2f28cced 2020-12-09 11:44 Nacho Barrientos

Document nftables::simplerule's parameters
af15de48 2020-12-09 11:44 Nacho Barrientos

Recommend using nftables::rule
77abc10b 2020-12-09 11:44 Nacho Barrientos

Implement nftables::simplerule::sport
fb58f7b3 2020-12-09 11:44 Nacho Barrientos

Remove double spacing
6793d286 2020-12-09 11:44 Nacho Barrientos

Handle dport internally always as an array
467ea4e2 2020-12-09 11:44 Nacho Barrientos

Lint fixes
2cc54308 2020-12-09 11:44 Nacho Barrientos

Remove optional modifier on $table

It does not really make sense to pass undef to nftables::rule
2489f932 2020-12-09 11:44 Nacho Barrientos

Correct error message
4ec94616 2020-12-09 11:44 Nacho Barrientos

Re-document and add example
d43ced4d 2020-12-09 11:44 Nacho Barrientos

Implement nftables:;simplerule::counter