/spec/classes - Dépôt - puppet nftables - Koumbit's Redmine

Nom	Taille	Révision	Âge	Auteur	Commentaire
inet_filter		eac19d14	plus d'un an	Tim Meusel	Make "dropping invalid packets" configureable ...
rules		1ef7d5c4	plus d'un an	Tim Meusel	rules::llmnr: Allow interface filtering
services		c82b960a	plus de 3 ans	Steve Traylen	rubocop:auto_correct results
bridges_spec.rb	1,33 ko	cb38423a	plus de 2 ans	mh	fix #143 - properly escape rulename for interfaces
dnat4_spec.rb	7,53 ko	0b7bcb5d	plus de 2 ans	mh	Align filemode on RedHat to distro default The...
inet_filter_spec.rb	24,5 ko	0b7bcb5d	plus de 2 ans	mh	Align filemode on RedHat to distro default The...
ip_nat_spec.rb	9,47 ko	0b7bcb5d	plus de 2 ans	mh	Align filemode on RedHat to distro default The...
masquerade_spec.rb	4,5 ko	0b7bcb5d	plus de 2 ans	mh	Align filemode on RedHat to distro default The...
nftables_spec.rb	10,6 ko	a528bf59	11 mois	Steve Traylen	New clobber_default_config paramter Certain OS...
router_spec.rb	5,76 ko	0b7bcb5d	plus de 2 ans	mh	Align filemode on RedHat to distro default The...
snat4_spec.rb	4,05 ko	0b7bcb5d	plus de 2 ans	mh	Align filemode on RedHat to distro default The...

#	Date	Auteur	Commentaire
a528bf59	2024-06-27 06:33	Steve Traylen	New clobber_default_config paramter Certain OSes namely Debian and Archlinux provide default rules with the OS. This module has always respected those rules and appended all of its own rules to the end of the existing rules. The new parameter `clobber_default_config` if set `true` (default `false`)...
1ef7d5c4	2023-12-31 08:42	Tim Meusel	rules::llmnr: Allow interface filtering
3e2b5119	2023-12-31 08:11	Tim Meusel	rules::ospf3: Allow filtering on incoming interfaces
925c358d	2023-12-31 08:11	Tim Meusel	rules::out::ospf3: Allow filtering on outgoing interfaces
4c3d5d6b	2023-12-31 07:57	Tim Meusel	rules::mdns: Allow interface filtering
51850192	2023-12-31 07:57	Tim Meusel	rules::out::mdns: Allow interface filtering
8cdd24a5	2023-12-29 10:23	Tim Meusel	rules::icmp: Allow ICMP packets with extensions
eac19d14	2023-12-20 14:51	Tim Meusel	Make "dropping invalid packets" configureable It doesn't make sense to explicitly drop those pakets when the default policy is already `DROP`. Also some applications, like ceph, are known to send packets that might be marked as invalid.
9d1ee648	2023-12-20 04:41	Tim Meusel	rules::out:dns: refactor for better readability
67cdcf15	2023-11-24 02:52	Steve Traylen	Support input interface specification to dns server Useful when you want to allow docker/podman containers access to a hosts dns stub resolver. ```puppet class{'nftables::rules::dns': iifname => ['docker0'], } ```

puppet nftables