
root / spec / classes @ 4c3d5d6b

| Name | Size | Revision | Age | Author | Comment |
|---|---|---|---|---|---|
| inet_filter | | eac19d14 | more than a year | Tim Meusel | Make "dropping invalid packets" configurable ... |
| rules | | 4c3d5d6b | more than a year | Tim Meusel | rules::mdns: Allow interface filtering |
| services | | c82b960a | more than 3 years | Steve Traylen | rubocop:auto_correct results |
| bridges_spec.rb | 1.33 KB | cb38423a | more than 2 years | mh | fix #143 - properly escape rulename for interfaces |
| dnat4_spec.rb | 7.53 KB | 0b7bcb5d | more than 2 years | mh | Align filemode on RedHat to distro default The... |
| inet_filter_spec.rb | 24.5 KB | 0b7bcb5d | more than 2 years | mh | Align filemode on RedHat to distro default The... |
| ip_nat_spec.rb | 9.47 KB | 0b7bcb5d | more than 2 years | mh | Align filemode on RedHat to distro default The... |
| masquerade_spec.rb | 4.5 KB | 0b7bcb5d | more than 2 years | mh | Align filemode on RedHat to distro default The... |
| nftables_spec.rb | 9.73 KB | 0b7bcb5d | more than 2 years | mh | Align filemode on RedHat to distro default The... |
| router_spec.rb | 5.76 KB | 0b7bcb5d | more than 2 years | mh | Align filemode on RedHat to distro default The... |
| snat4_spec.rb | 4.05 KB | 0b7bcb5d | more than 2 years | mh | Align filemode on RedHat to distro default The... |

Latest revisions

# Date Author Comment
4c3d5d6b 2023-12-31 07:57 Tim Meusel

rules::mdns: Allow interface filtering

51850192 2023-12-31 07:57 Tim Meusel

rules::out::mdns: Allow interface filtering

8cdd24a5 2023-12-29 10:23 Tim Meusel

rules::icmp: Allow ICMP packets with extensions

eac19d14 2023-12-20 14:51 Tim Meusel

Make "dropping invalid packets" configurable

It doesn't make sense to explicitly drop those packets when the default
policy is already `DROP`. Also some applications, like ceph, are known
to send packets that might be marked as invalid.

9d1ee648 2023-12-20 04:41 Tim Meusel

rules::out:dns: refactor for better readability

67cdcf15 2023-11-24 02:52 Steve Traylen

Support input interface specification to dns server

Useful when you want to allow docker/podman containers
access to a host's dns stub resolver.

```puppet
class{'nftables::rules::dns':
  iifname => ['docker0'],
}
```

08b9f1d0 2023-11-22 03:53 Steve Traylen

Additional rules for podman root containers

This class defines additional forwarding rules to let root containers
reach external networks when using Netavark (since v4.0) or CNI (deprecated).
At the time of writing, Podman supports automatic configuration...

baad986e 2023-11-16 19:10 Vadym Chepkov

add ftp helper

This adds the ability to enable a connection tracker helper and provides typical ftp rules

Co-authored-by: Vadym Chepkov <>
Co-authored-by: Yury Bushmelev <>

0b7bcb5d 2023-01-04 05:01 mh

Align filemode on RedHat to distro default

The RPM actually ships the configuration and directory with
0600/0700 while this module sets the mode to 0640/0750.

However, this has the drawback that on new nftables RPM versions,
we are setting it back to the modules mode and triggering an nft...

9e42547b 2022-09-04 16:35 mh

split conntrack management into dedicated classes so they get consumable
