Revisions

# Date Author Comment
a5f5fb12 2020-11-19 15:56 duritong

Merge pull request #13 from traylenator/comment

Add comments for all the nftable::rules entries

21d0496e 2020-11-19 15:53 duritong

Merge pull request #14 from cernops/ct_away

Move conntrack rules from global to INPUT and OUTPUT

7b14f6d9 2020-11-19 15:11 keachi

Merge pull request #6 from traylenator/afs

Add rules for afs3_callback in and out rules for kerberos and openafs.

ea96d5db 2020-11-19 10:15 Nacho Barrientos

Move ct rules from global to INPUT and OUTPUT

61f03b47 2020-11-19 09:19 Steve Traylen

Switch $order$fragmenta/b to $order-$fragment-a/b

e53053ce 2020-11-19 08:31 Steve Traylen

Add comments for all the nftable::rules entries

For each nftable::rule this adds an extra concat fragment to
add a comment containing the name and order number for the rule.

The motivation here is to make the mapping from resulting rules back
to puppet code more obvious. When adding a new rule it should be more...

9e5b8bf0 2020-11-19 05:28 keachi

Merge pull request #12 from cernops/log_format

Allow tables to add comments to $log_prefix

ac0af4aa 2020-11-19 03:16 Nacho Barrientos

Allow tables to add comments to $log_prefix

ef3e9ad6 2020-11-18 15:25 duritong

Merge pull request #8 from cernops/ai5973

Allow raw sets and dashes in set names

9785cd54 2020-11-18 11:02 Steve Traylen

lint fix

215aee13 2020-11-18 07:18 Steve Traylen

Add kerberos out and openafs_client out

f3f2870f 2020-11-18 07:18 Steve Traylen

Add rules for afs3_callback

In particular the afs callback to the cache manager (7001) which is UDP and always
IPv4 since OpenAFS does not support IPv6.

https://wiki.openafs.org/devel/AFSServicePorts/

5e0146c2 2020-11-17 09:53 keachi

Merge pull request #7 from cernops/reject_with

Add a parameter to control the fate of discarded traffic

7bb485c5 2020-11-16 09:19 Nacho Barrientos

Allow dashes in set names

9f0498e3 2020-11-16 09:16 Nacho Barrientos

Relax nftables::set::type making it optional

This is needed in case nftables::set is passed raw configuration via
source or content.

70727742 2020-11-16 04:50 Nacho Barrientos

Add a parameter to control the fate of discarded packets

0cf43fdf 2020-11-15 16:37 duritong

Merge pull request #4 from cernops/dhcp6

Add classes encapsulating rules for DHCPv6 client traffic (in/out)

37b2a3b7 2020-11-15 13:41 Nacho Barrientos

Add class nftables::services::dhcpv6_client

883389dc 2020-11-15 10:51 duritong

Merge pull request #5 from cernops/custom_log_prefix

Allow customising the log prefix

43566263 2020-11-15 10:47 Nacho Barrientos

Add rules for outgoing and incoming DHCPv6 client traffic

ed827383 2020-11-15 04:44 Nacho Barrientos

Allow customising the log prefix

317b8d01 2020-11-13 14:21 keachi

Merge pull request #3 from cernops/ai5973

Add support for named sets

20b96360 2020-11-13 09:57 Nacho Barrientos

Add support for named sets

e4c32222 2020-11-13 09:55 Nacho Barrientos

Use concat for table conf generation

This way other components of the module will be able to add extra stuff
to the table definitions like sets.

18ec6f48 2020-11-05 16:43 tr

Fix rulenames which include an index

The rulename has a regex pattern `[/^[a-zA-Z0-9_]+-[a-zA-Z0-9_]+(\d+)?$/]`
which allows an index at the end of the rulename (with a delimiter).
This is split later with `$data = split($rulename, '
')` but the content...

e5eb7424 2020-11-05 16:37 tr

Allow to specify prometheus source addresses

e73f2e97 2020-10-28 15:53 tr

Fix rule node exporter

8227cb1c 2020-10-28 15:50 tr

Manage rule in dns

cb50fd79 2020-10-28 15:47 tr

Add rule in node_exporter

e105f149 2020-10-28 14:50 tr

Include table ip6 nat

248ef9d5 2020-10-28 14:40 tr

Add basic ip6 nat chains

579e27df 2020-10-27 02:22 tr

Fix the regex for bridge names

2c00d766 2020-10-27 02:22 tr

Replace dashes with underlines

Docker daemon bridges contain dashes, replace them with underlines to
fit the naming concept.

66ed7f61 2020-10-26 02:15 mh

migrate create_resource to the generic loop over hash approach

create_resource is notorious for not providing exact line/file info
when something fails. Since in puppet you can now loop over hashes
and you have the splat assignment operator. This means you get much...

66b1a7a9 2020-10-25 10:05 tr

Allow ICMPv6 Router Advertisement packets

fd0eaeca 2020-10-24 06:02 tr

Add class bridges

Allow traffic from any bridge to itself by default

c1224db5 2020-10-23 13:47 tr

Move filter rules to inet_filter class

b3a7a6dd 2020-10-23 13:46 tr

Allow to inject custom rules

0f63a915 2020-10-23 13:19 tr

Git ignore .ruby-version

8726ba4c 2020-10-23 05:55 tr

Switch back to Ruby 2.5

```
can't modify frozen String: "true"
```
[Ticket IAC-1146](https://tickets.puppetlabs.com/browse/IAC-1146)

b171ac7f 2020-10-20 12:55 mh

fix offenses

9511e610 2020-10-20 11:36 duritong

Merge pull request #1 from traylenator/all

New parameter out_all, default false

e17693e3 2020-10-20 08:29 Steve Traylen

New parameter out_all, default false

In order to allow all outbound traffic a parameter is
added to enable a simple `allow` entry on the out chain.

Default is false so backwards compatible.

If true all the other out_bound rules (ntp, ...) will be disabled...

3f91610b 2020-10-16 11:17 tr

Merge branch 'pdk' into 'master'

Add a PDK configuration and run PDK convert

See merge request immerda/puppet-modules/nftables!1

9d7d63a6 2020-10-16 11:14 tr

Only test with Ruby 2.7 and Puppet 6

01d8a819 2020-10-16 10:29 tr

Styling to make tests green

705bb26f 2020-10-16 09:52 tr

Add travis ci configuration

ece9be27 2020-10-15 17:44 tr

Do PDK convert

a074dec2 2020-10-14 12:23 tr

Allow index numbers

25205881 2020-10-14 12:15 tr

Fix rule puppet out

(551-600/665)