Use concat for table conf generation
This way other components of the module will be able to add extra stuffto the table definitions like sets.
Fix rulenames which includes an index
The rulename has a regex pattern `[/^[a-zA-Z0-9_]+-[a-zA-Z0-9_]+(\d+)?$/]`which allows an index at the end of the rulename (with a delimiter).This is split later with `$data = split($rulename, '')` but the content...
Allow to specify prometheus source addresses
Fix rule node exporter
Manage rule in dns
Add rule in node_exporter
Include table ip6 nat
Add basic ip6 nat chains
Fix the regex for bridge names
Replace dashes with underlines
Docker daemon bridges contains dashes, replace them with underlines tofit the naming concept.
migrate create_resource to the generic loop over hash approach
create_resource is notorious for not providing exact line/file infowhen something fails. Since in puppet you can now loop over hashesand you have the splat assignment operator. This means you get much...
Allow ICMPv6 Router Advertisment packets
Add class bridges
Allow traffic from any bridge to itself by default
Move filter rules to inet_filter class
Allow to inject custom rules
Git ignore .ruby-version
Switch back to Ruby 2.5
```can't modify frozen String: "true" ```[Ticket IAC-1146](https://tickets.puppetlabs.com/browse/IAC-1146)
fix offenses
Merge pull request #1 from traylenator/all
New parameter out_all, default false
In order to allow all outbound traffic a parameter isadded to enable a simple `allow` entry on the out chain.
Default is false so backwards compatible.
If true all the other out_bound rules (ntp, ...) will be disabled...
Merge branch 'pdk' into 'master'
Add a PDK configuration and run PDK convert
See merge request immerda/puppet-modules/nftables!1
Only test with Ruby 2.7 and Puppet 6
Styling to make tests green
Add travis ci configuration
Do PDK convert
Allow index numbers
Fix rule puppet out
Add http and https
add license file
Use enum instead of pattern for proto
Add a rule to create snat
Test masquerade default proto
Add a define for masquerading
Extract the dnat spec tests
Linting
Add rules for OSPF
Add a define for ipv4 dnat
Create a special ingoing chain for all ingoing fwd rules
Add mld-listener-done to the list of allowed icmpv6 types
Rename file filter to inet-filter
Stop and mask firewalld service
add new rules
Add spec tests for a DNAT
Add spec tests for ip nat prerouting
Add spec tests for router functionality
Add spec tests for ip nat chain policies
add a few more rules
Split init class
Use default
Fix nat hooks
Rename to snake cases
Adapt readme to the refactoring
Rewrite ip-nat to concat
Add spec tests for ip-nat
Rename spec filter to inet-filter
Replace filter with inet-filter
Refactoring
Spec tests for default rules
Add spec tests for default chains
Add spec tests for filter chains
Add a newline to filter chains
Explicitly set ensure file
Disable some rubocop checks for spec files
Write some spec tests for init class
Drop Puppet 5 support
Add a Gitlab CI pipeline
Add spec tests it should compile
Add gemfile and rakefile for Puppet lint and spec
Add Puppet module basic files
Add dependencies
Git ignore Puppet module stuff
Set NAT only for IPv4
Remove whitespaces
Allow only specific icmp types
Allow to set a list of dns servers
Add in/out rules for Tor
Add a in rule for icinga2
Add in rule for puppet
Add in/out rules for wireguard
Add a rule for dhcpc
Remove out rule ntp
Duplicate to chrony, but chrony allows every sport (which is required bychrony).
add outgoing puppet
Allow http by default
CentOS mirrors are only available over http.
Apply a base firewall
Allow all services to install updates and manage the node.
Add a class for outgoing ntp
Add a class for outgoing https
Add a class for outgoing dns
fix naming
initial release
