Projet

Général

Profil

Paste
Télécharger au format
Statistiques
| Branche: | Révision:

root / templates @ 79ef6104

Nom Taille Révision Âge Auteur Commentaire
  config 331b8d85 plus de 2 ans Steve Traylen New nftables::file type to include raw file Fo...
  systemd 8842a597 presque 3 ans Tim Meusel make path to `nft` binary configureable
reject_rule.epp 177 octets b10c6216 plus de 4 ans Nacho Barrientos Set a customisable rate limit to the logging rules
set.epp 951 octets 861169e5 presque 2 ans Javier Angulo fix #184: Add unit string for timeout,gc-interval
simplerule.epp 2,33 ko e846c98b plus d'un an Tim Meusel simplerule: Allow multiple oifname/iifname

Dernières révisions

# Date Auteur Commentaire
e846c98b 2023-12-27 06:02 Tim Meusel

simplerule: Allow multiple oifname/iifname
d7d6d5d3 2023-12-20 13:31 Tim Meusel

simplerule: Add support for outgoing interface filtering
25b3f3f4 2023-12-19 12:36 Tim Meusel

simplerule: Add support for incoming interface filtering
861169e5 2023-07-31 16:45 Javier Angulo

fix #184: Add unit string for timeout,gc-interval
331b8d85 2022-09-01 05:22 Steve Traylen

New nftables::file type to include raw file

For example:

```puppet
nftables::file{'geoip':
content => "include \"/files/geoipsets/dbip/*.ipv4\"\n",
}
```

will right a file or content into the nftables configuration.

The file written will be included in configuration....
8842a597 2022-07-05 08:23 Tim Meusel

make path to `nft` binary configureable
0c9bc308 2022-02-27 11:05 hashworks

Add support for Arch Linux

Arch Linux stores the configuration in a different path and does not
provide firewalld without explicit installation.

This basically the same as #66 – I've reused their code since it hasn't
been merged in a while.
fcb79d73 2021-09-07 05:37 Ben Morrice

support a different table name for 'nat'
- Some applications (such as libvirt) still use iptables to inject firewall
rules
- iptables will refuse to update tables that were initially created with nft
- This commit allows defining the name of the 'nat' table in order to avoid...
7b9d6ffc 2021-05-31 04:42 Nacho Barrientos

Allow creating a totally empty firewall

By setting `nftables::inet_filter` and `nftables::nat` to `false`
users can now start off from a totally empty firewall and add the
tables, chains and rules they'd like.

The default skeleton for inet-filter, ip-nat and ip6-nat is kept...
bd8baa0f 2021-04-26 12:27 Nacho Barrientos

Fix IPv4 source address type detection

Before this patch, a rule like this:

```
nftables::simplerule { 'foo':
action => 'accept',
dport => 443,
proto => 'tcp4',
saddr => '192.168.1.10',
}
```

would incorrectly generate this rule:...

Voir les révisions

Formats disponibles : Atom