Projet

Général

Profil

Paste
Télécharger au format
Statistiques
| Branche: | Révision:

root / spec @ fa92e118

Nom Taille Révision Âge Auteur Commentaire
  acceptance fcb79d73 plus de 3 ans Ben Morrice support a different table name for 'nat' - Some...
  classes fa92e118 plus de 3 ans Romain Tartière Pet rubocop
  defines fa92e118 plus de 3 ans Romain Tartière Pet rubocop
  type_aliases 8c00b818 plus de 4 ans Nacho Barrientos Pull up rule regexp to type aliases
  unit 032387dc environ 4 ans Steve Traylen Add nftables.version to structured fact. ``` F...
default_module_facts.yml 2,18 ko fd0eaeca plus de 4 ans tr Add class bridges Allow traffic from any bridg...
spec_helper.rb 670 octets 5fea281f plus de 3 ans Tim Stallmann modulesync 4.2.0
spec_helper_acceptance.rb 250 octets 5fea281f plus de 3 ans Tim Stallmann modulesync 4.2.0

Dernières révisions

# Date Auteur Commentaire
fa92e118 2021-09-17 21:35 Romain Tartière

Pet rubocop
5fea281f 2021-09-17 21:33 Tim Stallmann

modulesync 4.2.0
fcb79d73 2021-09-07 05:37 Ben Morrice

support a different table name for 'nat'
- Some applications (such as libvirt) still use iptables to inject firewall
rules
- iptables will refuse to update tables that were initially created with nft
- This commit allows defining the name of the 'nat' table in order to avoid...
c94658e1 2021-07-06 11:46 Nacho Barrientos

Allow declaring the same set in several tables

Closes #100
7b9d6ffc 2021-05-31 04:42 Nacho Barrientos

Allow creating a totally empty firewall

By setting `nftables::inet_filter` and `nftables::nat` to `false`
users can now start off from a totally empty firewall and add the
tables, chains and rules they'd like.

The default skeleton for inet-filter, ip-nat and ip6-nat is kept...
bd8baa0f 2021-04-26 12:27 Nacho Barrientos

Fix IPv4 source address type detection

Before this patch, a rule like this:

```
nftables::simplerule { 'foo':
action => 'accept',
dport => 443,
proto => 'tcp4',
saddr => '192.168.1.10',
}
```

would incorrectly generate this rule:...
1eda6efa 2021-04-21 09:46 Steve Traylen

Rely on puppet 6 calling daemon-reload

Since Puppet 6 now there no need to explicitly
call `systemctl daemon-reload`.
cd2a3cbf 2021-03-25 03:30 Nacho Barrientos

Add rules for QEMU/libvirt guests
18b211e7 2021-03-24 17:46 duritong

Merge pull request #80 from luisfdez/dockerce

Add Docker-CE default rules
1bf717d9 2021-03-23 08:34 Luis Fernández Álvarez

Add optional handling of chains

Voir les révisions

Formats disponibles : Atom