Projet

Général

Profil

Paste
Télécharger au format
Statistiques
| Branche: | Révision:

root / templates @ 753540f1

Nom Taille Révision Âge Auteur Commentaire
  config fcb79d73 plus de 3 ans Ben Morrice support a different table name for 'nat' - Some...
  systemd 8842a597 presque 3 ans Tim Meusel make path to `nft` binary configureable
reject_rule.epp 177 octets b10c6216 plus de 4 ans Nacho Barrientos Set a customisable rate limit to the logging rules
set.epp 949 octets 20b96360 plus de 4 ans Nacho Barrientos Add support for named sets
simplerule.epp 1,88 ko bd8baa0f environ 4 ans Nacho Barrientos Fix IPv4 source address type detection Before ...

Dernières révisions

# Date Auteur Commentaire
8842a597 2022-07-05 08:23 Tim Meusel

make path to `nft` binary configureable
0c9bc308 2022-02-27 11:05 hashworks

Add support for Arch Linux

Arch Linux stores the configuration in a different path and does not
provide firewalld without explicit installation.

This basically the same as #66 – I've reused their code since it hasn't
been merged in a while.
fcb79d73 2021-09-07 05:37 Ben Morrice

support a different table name for 'nat'
- Some applications (such as libvirt) still use iptables to inject firewall
rules
- iptables will refuse to update tables that were initially created with nft
- This commit allows defining the name of the 'nat' table in order to avoid...
7b9d6ffc 2021-05-31 04:42 Nacho Barrientos

Allow creating a totally empty firewall

By setting `nftables::inet_filter` and `nftables::nat` to `false`
users can now start off from a totally empty firewall and add the
tables, chains and rules they'd like.

The default skeleton for inet-filter, ip-nat and ip6-nat is kept...
bd8baa0f 2021-04-26 12:27 Nacho Barrientos

Fix IPv4 source address type detection

Before this patch, a rule like this:

```
nftables::simplerule { 'foo':
action => 'accept',
dport => 443,
proto => 'tcp4',
saddr => '192.168.1.10',
}
```

would incorrectly generate this rule:...
92e0fcb6 2021-03-02 08:31 duritong

fix #74 - ensure table are initialized before flushing them (#75)
1d56f209 2021-01-27 06:45 Nacho Barrientos

Fix IP version filter for IPv6 traffic
42e7f3ea 2020-12-09 11:44 Nacho Barrientos

Relax type validation in template

It comes already validated from the calling class.
55277023 2020-12-09 11:44 Nacho Barrientos

Align template parameters
f1ef02c5 2020-12-09 11:44 Nacho Barrientos

Encapsulate addr-related exprs in Nftables::Addr

Voir les révisions

Formats disponibles : Atom