add ftp helper
This adds ability to enable a connection tracker helper and provides typical ftp rules
Co-authored-by: Vadym Chepkov <vchepkov@gmail.com>Co-authored-by: Yury Bushmelev <jay4mail@gmail.com>
Add support for Arch Linux
Arch Linux stores the configuration in a different path and does notprovide firewalld without explicit installation.
This basically the same as #66 – I've reused their code since it hasn'tbeen merged in a while.
Ensure that nftables.service remains active after it exits
Some system-packages don't include it in the service-file and we expectit. See #124.
start declaring the 'global' chain with module resources
the 'global' chain is a vestigial piece of early development on thismodule, but it can be useful for creating fast short-circuits likeblocking traffic that match a certain set of IPs.
in the current state we can't inject rules inside the 'global' chain...
Auto fill simple table configuration
Remove duplicate flush on reload
When nftables was reloaded a flush was being done both in the systemdreload call and in the nft script itself.
New parameter noflush_tables to selectivly skip flush
Introduces a new structured fact nftables
```yamlnftables: tables: - inet-filter - ip-nat - ip6-nat - inet-f2b-table```
By default the nft script will continue to contain `nft flush ruleset`...
Allow disabling default NAT tables and chains
Reload rules atomically
Background: The unit file for nftables on CentOS 8 contains:
```ExecStart=/sbin/nft -f /etc/sysconfig/nftables.confExecReload=/sbin/nft 'flush ruleset; include "/etc/sysconfig/nftables.conf";'ExecStop=/sbin/nft flush ruleset```...
Move ICMP stuff to separate classes
Voir les révisions
Formats disponibles : Atom
