
root / spec @ fcb79d73

| Name | Size | Revision | Age | Author | Comment |
|---|---|---|---|---|---|
| acceptance | | fcb79d73 | over 3 years | Ben Morrice | support a different table name for 'nat' - Some... |
| classes | | fcb79d73 | over 3 years | Ben Morrice | support a different table name for 'nat' - Some... |
| defines | | fcb79d73 | over 3 years | Ben Morrice | support a different table name for 'nat' - Some... |
| type_aliases | | 8c00b818 | over 4 years | Nacho Barrientos | Pull up rule regexp to type aliases |
| unit | | 032387dc | about 4 years | Steve Traylen | Add nftables.version to structured fact. ``` F... |
| default_module_facts.yml | 2.18 KB | fd0eaeca | over 4 years | tr | Add class bridges Allow traffic from any bridg... |
| spec_helper.rb | 692 bytes | 59c1ddf4 | over 4 years | Steve Traylen | Mock with mocha |
| spec_helper_acceptance.rb | 191 bytes | bd5145ab | over 4 years | Steve Traylen | Add basic configuration validation acceptance t... |

Latest revisions

# Date Author Comment
fcb79d73 2021-09-07 05:37 Ben Morrice

support a different table name for 'nat'
- Some applications (such as libvirt) still use iptables to inject firewall
rules
- iptables will refuse to update tables that were initially created with nft
- This commit allows defining the name of the 'nat' table in order to avoid...

c94658e1 2021-07-06 11:46 Nacho Barrientos

Allow declaring the same set in several tables

Closes #100

7b9d6ffc 2021-05-31 04:42 Nacho Barrientos

Allow creating a totally empty firewall

By setting `nftables::inet_filter` and `nftables::nat` to `false`
users can now start off from a totally empty firewall and add the
tables, chains and rules they'd like.

The default skeleton for inet-filter, ip-nat and ip6-nat is kept...

bd8baa0f 2021-04-26 12:27 Nacho Barrientos

Fix IPv4 source address type detection

Before this patch, a rule like this:

```
nftables::simplerule { 'foo':
  action => 'accept',
  dport  => 443,
  proto  => 'tcp4',
  saddr  => '192.168.1.10',
}
```

would incorrectly generate this rule:...

1eda6efa 2021-04-21 09:46 Steve Traylen

Rely on puppet 6 calling daemon-reload

Since Puppet 6 there is now no need to explicitly
call `systemctl daemon-reload`.

cd2a3cbf 2021-03-25 03:30 Nacho Barrientos

Add rules for QEMU/libvirt guests

18b211e7 2021-03-24 17:46 duritong

Merge pull request #80 from luisfdez/dockerce

Add Docker-CE default rules

1bf717d9 2021-03-23 08:34 Luis Fernández Álvarez

Add optional handling of chains

032387dc 2021-03-23 02:59 Steve Traylen

Add nftables.version to structured fact.

```
FACTERLIB=. facter -p nftables
{
  tables => [
    "bridge-filter",
    "bridge-nat",
    "inet-firewalld",
    "ip-firewalld",
    "ip6-firewalld"
  ],
  version => "0.9.3"
}
```

b61ccb4a 2021-03-19 09:04 Luis Fernández Álvarez

Fix rulename spec in spec
