modulesync 9.0.0
modulesync 8.0.1
Merge pull request #249 from traylenator/clobberatend
Run default destroying acceptance tests at end
The spec test destroy_spec was purging default nftables configurationsbefore other existing tests had a chance to run.
Run the default destroying tests as the final test.
Merge pull request #247 from traylenator/overarch
New clobber_default_config paramater
New clobber_default_config paramter
Certain OSes namely Debian and Archlinux provide default ruleswith the OS.
This module has always respected those rules and appended all ofits own rules to the end of the existing rules.
The new parameter `clobber_default_config` if set `true` (default `false`)...
Merge pull request #246 from traylenator/deb11
Accept on Debian 11 nftables::set will fail
On Debian 11 adding an nftables set triggers a bug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063690
move the `nftables::set` tests out to their own test which makes senseanyway and mark as pending for Debian 11.
Merge pull request #245 from traylenator/metadata
Drop EOL CentOS 8 support
Merge pull request #241 from voxpupuli/modulesync
modulesync 7.4.0
Merge pull request #242 from voxpupuli/systemd_update
update puppet-systemd upper bound to 8.0.0
modulesync 7.5.0
Merge pull request #238 from voxpupuli/modulesync
modulesync 7.3.0
Merge pull request #235 from voxpupuli/ospf
rules::llmnr: Allow interface filtering
Merge pull request #234 from voxpupuli/ospf
rules::ospf3 & rules::out::ospf3: Allow filtering on outgoing interfaces
rules::ospf3: Allow filtering on incoming interfaces
rules::out::ospf3: Allow filtering on outgoing interfaces
Merge pull request #233 from voxpupuli/mdns
rules::out::mdns & rules::mdns: Allow interface filtering
rules::mdns: Allow interface filtering
rules::out::mdns: Allow interface filtering
[blacksmith] Bump version to 3.7.2-rc0
Merge pull request #232 from voxpupuli/rel371
Release 3.7.1
Merge pull request #231 from voxpupuli/icmp
rules::icmp: Allow ICMP packets with extensions
Merge pull request #230 from voxpupuli/icmp
out::icmp: simplify filtering/fix ICMP bug
out::icmp: Add parameter documentation
out::icmp: reformat code
[blacksmith] Bump version to 3.7.1-rc0
Merge pull request #229 from voxpupuli/rel370
Release 3.7.0
Merge pull request #228 from voxpupuli/foo
simplerule: Allow multiple oifname/iifname
[blacksmith] Bump version to 3.6.1-rc0
Merge pull request #226 from bastelfreak/rel360
Release 3.6.0
Merge pull request #225 from voxpupuli/nftables
Make "dropping invalid packets" configureable
It doesn't make sense to explicitly drop those pakets when the defaultpolicy is already `DROP`. Also some applications, like ceph, are knownto send packets that might be marked as invalid.
Merge pull request #224 from voxpupuli/nftables
simplerule: Add support for outgoing interface filtering
Merge pull request #222 from bastelfreak/refactor
rules::out:dns: refactor for better readability
Merge pull request #221 from voxpupuli/nftables
simplerule: Add support for incoming interface filtering
Merge pull request #220 from voxpupuli/modulesync
modulesync 7.2.0
Regenerate REFERENCE.md
Merge pull request #219 from Tamerz/document-set-param
Document what the 'auto_merge' set parameter does.
Document what the 'auto_merge' parameter does.
Merge pull request #218 from voxpupuli/modulesync
modulesync 7.1.0
[blacksmith] Bump version to 3.5.1-rc0
Merge pull request #216 from traylenator/release-3.4.1
Release 3.5.0
Merge pull request #215 from traylenator/dnsiface
Support input interface specification to dns server
Useful when you want to allow docker/podman containersaccess to a hosts dns stub resolver.
```puppetclass{'nftables::rules::dns': iifname => ['docker0'],}```
Merge pull request #189 from tskirvin/master
nftables::simplerule::dport - takes port ranges as part of the array
Merge pull request #214 from traylenator/podman
Additional rules for podman root containers
Merge pull request #183 from traylenator/redirect
Example how to redirect one port to another
Add example how to redirect traffic from one port to another.
This class defines additional forwarding rules to let root containersreach external networks when using Netavark (since v4.0) or CNI (deprecated).At the time of writing, Podman supports automatic configuration...
[blacksmith] Bump version to 3.4.1-rc0
Merge pull request #212 from bastelfreak/rel340
Release 3.4.0
Merge pull request #213 from vchepkov/systemd
allow puppet/systemd v6
Merge pull request #211 from bastelfreak/debian12
Add Debian 12 support
Merge pull request #208 from vchepkov/ftp
add ftp helper
This adds ability to enable a connection tracker helper and provides typical ftp rules
Co-authored-by: Vadym Chepkov <vchepkov@gmail.com>Co-authored-by: Yury Bushmelev <jay4mail@gmail.com>
trying out a spec to mix port arrays and ranges
spec update to confirm that port ranges work
Merge branch 'voxpupuli:master' into master
Merge pull request #209 from vchepkov/rejects
provide an option to disable logging rejected packets
[blacksmith] Bump version to 3.3.1-rc0
Merge pull request #205 from bastelfreak/rel330
Release 3.3.0
Merge pull request #204 from voxpupuli/netbios
samba: Add option to drop traffic
Merge pull request #203 from voxpupuli/wsd
Add nftables rules for ws-discovery
Merge pull request #202 from voxpupuli/ssdp
Add rule for incoming SSDP
Merge pull request #201 from voxpupuli/llmnr
Add rule for incoming LLMNR
init.pp: disable check_unsafe_interpolations
Merge branch 'master' into master
[blacksmith] Bump version to 3.2.1-rc0
Merge pull request #200 from bastelfreak/rel320
Release 3.2.0
Merge pull request #199 from bastelfreak/omcast
Add rule for outgoing multicast DNS
Merge pull request #198 from bastelfreak/mlds
Add rule for multicast listener requests (MLDv2)
