Revision 804b96e4
Prepare release 1.3.0
CHANGELOG.md | ||
---|---|---|
4 | 4 |
Each new release typically also includes the latest modulesync defaults. |
5 | 5 |
These should not affect the functionality of the module. |
6 | 6 |
|
7 |
## [v1.2.0](https://github.com/voxpupuli/puppet-nftables/tree/v1.2.0) (2021-03-02) |
|
7 |
## [v1.3.0](https://github.com/voxpupuli/puppet-nftables/tree/v1.3.0) (2021-03-25) |
|
8 |
|
|
9 |
[Full Changelog](https://github.com/voxpupuli/puppet-nftables/compare/v1.2.0...v1.3.0) |
|
10 |
|
|
11 |
**Implemented enhancements:** |
|
12 |
|
|
13 |
- Add rules for QEMU/libvirt guests \(bridged virtual networking\) [\#85](https://github.com/voxpupuli/puppet-nftables/pull/85) ([nbarrientos](https://github.com/nbarrientos)) |
|
14 |
- Add nftables.version to structured fact. [\#84](https://github.com/voxpupuli/puppet-nftables/pull/84) ([traylenator](https://github.com/traylenator)) |
|
15 |
- Add rules for Apache ActiveMQ [\#82](https://github.com/voxpupuli/puppet-nftables/pull/82) ([nbarrientos](https://github.com/nbarrientos)) |
|
16 |
- Add Docker-CE default rules [\#80](https://github.com/voxpupuli/puppet-nftables/pull/80) ([luisfdez](https://github.com/luisfdez)) |
|
17 |
|
|
18 |
**Merged pull requests:** |
|
19 |
|
|
20 |
- Fix sections and add a pointer to code snippets for Emacs [\#81](https://github.com/voxpupuli/puppet-nftables/pull/81) ([nbarrientos](https://github.com/nbarrientos)) |
|
21 |
|
|
22 |
## [v1.2.0](https://github.com/voxpupuli/puppet-nftables/tree/v1.2.0) (2021-03-03) |
|
8 | 23 |
|
9 | 24 |
[Full Changelog](https://github.com/voxpupuli/puppet-nftables/compare/v1.1.1...v1.2.0) |
10 | 25 |
|
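Review bot: The v1.2.0 heading changes its release date from 2021-03-02 (removed line 7) to 2021-03-03 (added line 22), a change unrelated to preparing 1.3.0. Please confirm which date matches the v1.2.0 release and, if the shift is only a side effect of regenerating the file, keep the original date so that already published entries stay stable between releases.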
REFERENCE.md | ||
---|---|---|
17 | 17 |
Enable this option to support Ceph's Monitor Daemon. |
18 | 18 |
* [`nftables::rules::dhcpv6_client`](#nftablesrulesdhcpv6_client): allow DHCPv6 requests in to a host |
19 | 19 |
* [`nftables::rules::dns`](#nftablesrulesdns): manage in dns |
20 |
* [`nftables::rules::docker_ce`](#nftablesrulesdocker_ce): Default firewall configuration for Docker-CE |
|
20 | 21 |
* [`nftables::rules::http`](#nftablesruleshttp): manage in http |
21 | 22 |
* [`nftables::rules::https`](#nftablesruleshttps): manage in https |
22 | 23 |
* [`nftables::rules::icinga2`](#nftablesrulesicinga2): manage in icinga2 |
... | ... | |
446 | 447 |
|
447 | 448 |
Default value: `[53]` |
448 | 449 |
|
450 |
### <a name="nftablesrulesdocker_ce"></a>`nftables::rules::docker_ce` |
|
451 |
|
|
452 |
The configuration distributed in this class represents the default firewall |
|
453 |
configuration done by docker-ce when the iptables integration is enabled. |
|
454 |
|
|
455 |
This class is needed as the default docker-ce rules added to ip-filter conflict |
|
456 |
with the inet-filter forward rules set by default in this module. |
|
457 |
|
|
458 |
When using this class 'docker::iptables: false' should be set. |
|
459 |
|
|
460 |
#### Parameters |
|
461 |
|
|
462 |
The following parameters are available in the `nftables::rules::docker_ce` class: |
|
463 |
|
|
464 |
* [`docker_interface`](#docker_interface) |
|
465 |
* [`docker_prefix`](#docker_prefix) |
|
466 |
* [`manage_docker_chains`](#manage_docker_chains) |
|
467 |
* [`manage_base_chains`](#manage_base_chains) |
|
468 |
|
|
469 |
##### <a name="docker_interface"></a>`docker_interface` |
|
470 |
|
|
471 |
Data type: `String[1]` |
|
472 |
|
|
473 |
Interface name used by docker. |
|
474 |
|
|
475 |
Default value: `'docker0'` |
|
476 |
|
|
477 |
##### <a name="docker_prefix"></a>`docker_prefix` |
|
478 |
|
|
479 |
Data type: `Stdlib::IP::Address::V4::CIDR` |
|
480 |
|
|
481 |
The address space used by docker. |
|
482 |
|
|
483 |
Default value: `'172.17.0.0/16'` |
|
484 |
|
|
485 |
##### <a name="manage_docker_chains"></a>`manage_docker_chains` |
|
486 |
|
|
487 |
Data type: `Boolean` |
|
488 |
|
|
489 |
Flag to control whether the class should create the docker related chains. |
|
490 |
|
|
491 |
Default value: ``true`` |
|
492 |
|
|
493 |
##### <a name="manage_base_chains"></a>`manage_base_chains` |
|
494 |
|
|
495 |
Data type: `Boolean` |
|
496 |
|
|
497 |
Flag to control whether the class should create the base common chains. |
|
498 |
|
|
499 |
Default value: ``true`` |
|
500 |
|
|
449 | 501 |
### <a name="nftablesruleshttp"></a>`nftables::rules::http` |
450 | 502 |
|
451 | 503 |
manage in http |
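Review bot: In the new `nftables::rules::docker_ce` section, the descriptions of `manage_docker_chains` and `manage_base_chains` (lines 485-499) do not name the chains each flag creates or say what must already exist when a flag is set to `false`, so a reader cannot tell which filtering remains in place after disabling one. Suggest listing the chains per flag. The sentence at line 458, "When using this class 'docker::iptables: false' should be set.", would also be clearer if it said where that key is set and what goes wrong if it is not. The `docker_prefix` default of `'172.17.0.0/16'` deserves a note that it has to match the address space Docker actually uses on the host.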
metadata.json | ||
---|---|---|
1 | 1 |
{ |
2 | 2 |
"name": "puppet-nftables", |
3 |
"version": "1.2.1-rc0",
|
|
3 |
"version": "1.3.0",
|
|
4 | 4 |
"author": "Vox Pupuli", |
5 | 5 |
"summary": "Puppet nftables module", |
6 | 6 |
"license": "Apache-2.0", |