Projet

Général

Profil

Paste
Télécharger au format
Statistiques
| Branche: | Révision:

root / spec @ 03d9e7da

Nom Taille Révision Âge Auteur Commentaire
  classes 03d9e7da plus de 4 ans Steve Traylen New parameter noflush_tables to selectivly skip...
  defines 30462da1 plus de 4 ans Steve Traylen Reload rules atomically Background: The unit f...
  unit 03d9e7da plus de 4 ans Steve Traylen New parameter noflush_tables to selectivly skip...
default_facts.yml 266 octets ece9be27 plus de 4 ans tr Do PDK convert
default_module_facts.yml 2,18 ko fd0eaeca plus de 4 ans tr Add class bridges Allow traffic from any bridg...
spec_helper.rb 1,65 ko ece9be27 plus de 4 ans tr Do PDK convert

Dernières révisions

# Date Auteur Commentaire
03d9e7da 2020-12-01 03:09 Steve Traylen

New parameter noflush_tables to selectivly skip flush

Introduces a new structured fact nftables

```yaml
nftables:
tables:
- inet-filter
- ip-nat
- ip6-nat
- inet-f2b-table
```

By default the nft script will continue to contain `nft flush ruleset`...
72aad4a2 2020-11-29 13:22 keachi

Merge pull request #28 from traylenator/simplify

Do not test nftables::rules repeatadly
902ceaac 2020-11-29 13:18 keachi

Merge pull request #22 from cernops/log_limit

Set a customisable rate limit to the logging rules
300b7382 2020-11-27 05:21 Steve Traylen

Do not test nftables::rules repeatadly

Rather than testing the contents of nftable::rules just test
that nftables::rules instance is correct.

The existing test for the define nftables::rules is enough.

Motivation here is to make changes to nftables::rules easier to handle...
802d80d1 2020-11-27 03:35 Nacho Barrientos

Allow sourcing sets from Hiera
82d10659 2020-11-26 15:39 Nacho Barrientos

Allow disabling default NAT tables and chains
30462da1 2020-11-26 05:19 Steve Traylen

Reload rules atomically

Background: The unit file for nftables on CentOS 8 contains:

```
ExecStart=/sbin/nft -f /etc/sysconfig/nftables.conf
ExecReload=/sbin/nft 'flush ruleset; include "/etc/sysconfig/nftables.conf";'
ExecStop=/sbin/nft flush ruleset
```...
b10c6216 2020-11-24 10:37 Nacho Barrientos

Set a customisable rate limit to the logging rules
92461926 2020-11-24 07:53 duritong

Merge pull request #16 from cernops/icmp

Move ICMP stuff to separate classes allowing better customisation
ae9872e2 2020-11-24 04:17 Nacho Barrientos

Make masking Service['firewalld'] configurable

Voir les révisions

Formats disponibles : Atom