Projet

Général

Profil

Paste
Télécharger au format
Statistiques
| Branche: | Révision:

root / spec / classes @ 08b9f1d0

Nom Taille Révision Âge Auteur Commentaire
  inet_filter 9e42547b plus de 2 ans mh split conntrack management into dedicated class...
  rules 08b9f1d0 plus d'un an Steve Traylen Additional rules for podman root containers Th...
  services c82b960a plus de 3 ans Steve Traylen rubocop:auto_correct results
bridges_spec.rb 1,33 ko cb38423a plus de 2 ans mh fix #143 - properly escape rulename for interfaces
dnat4_spec.rb 7,53 ko 0b7bcb5d plus de 2 ans mh Align filemode on RedHat to distro default The...
inet_filter_spec.rb 24,5 ko 0b7bcb5d plus de 2 ans mh Align filemode on RedHat to distro default The...
ip_nat_spec.rb 9,47 ko 0b7bcb5d plus de 2 ans mh Align filemode on RedHat to distro default The...
masquerade_spec.rb 4,5 ko 0b7bcb5d plus de 2 ans mh Align filemode on RedHat to distro default The...
nftables_spec.rb 9,73 ko 0b7bcb5d plus de 2 ans mh Align filemode on RedHat to distro default The...
router_spec.rb 5,76 ko 0b7bcb5d plus de 2 ans mh Align filemode on RedHat to distro default The...
rules_out_dns_spec.rb 2,74 ko c82b960a plus de 3 ans Steve Traylen rubocop:auto_correct results
snat4_spec.rb 4,05 ko 0b7bcb5d plus de 2 ans mh Align filemode on RedHat to distro default The...

Dernières révisions

# Date Auteur Commentaire
08b9f1d0 2023-11-22 03:53 Steve Traylen

Additional rules for podman root containers

This class defines additional forwarding rules to let root containers
reach external networks when using Netavark (since v4.0) or CNI (deprecated).
At the time of writing, Podman supports automatic configuration...
baad986e 2023-11-16 19:10 Vadym Chepkov

add ftp helper

This adds ability to enable a connection tracker helper and provides typical ftp rules

Co-authored-by: Vadym Chepkov <>
Co-authored-by: Yury Bushmelev <>
0b7bcb5d 2023-01-04 05:01 mh

Align filemode on RedHat to distro default

The RPM acutally ships the configuration and directory with
0600/0700 while this module sets the mode to 0640/0750.

However, this has the drawback that on new nftables RPM versions,
we are setting it back to the modules mode and triggering an nft...
9e42547b 2022-09-04 16:35 mh

split conntrack management into dedicated classes so they get consumeable
331b8d85 2022-09-01 05:22 Steve Traylen

New nftables::file type to include raw file

For example:

```puppet
nftables::file{'geoip':
content => "include \"/files/geoipsets/dbip/*.ipv4\"\n",
}
```

will right a file or content into the nftables configuration.

The file written will be included in configuration....
9d61323e 2022-08-26 07:47 Steve Traylen

Merge pull request #144 from duritong/fix-143-properly-escape-rulename

Properly escape bridge in rulename
cb38423a 2022-08-24 03:06 mh

fix #143 - properly escape rulename for interfaces
1d7eb86a 2022-08-24 02:46 mh

remove duplicate expect

this is handled by the next - more specific - expect anyways
1fd3f550 2022-08-19 09:07 Luis Fernández Álvarez

Add all families as a valid noflush pattern

nftables has more valid families than the ones currently accepted by the
module.

This patch adds support for all the families currently supported as per
the documentation at:
https://wiki.nftables.org/wiki-nftables/index.php/Nftables_families
7937a13b 2022-07-11 04:18 Tim Meusel

chrony: Allow filtering for outgoing NTP servers

Voir les révisions

Formats disponibles : Atom