Age | Commit message | Author | |
---|---|---|---|
2019-10-01 | disable conntrack filtering in FORWARD/OUTPUT | Thore Bödecker | |
conntrack filtering basically doesn't work in those chains, so we need to disable it. | |||
2019-10-01 | Merge pull request #83 from bastelfreak/docs3 | Tim Meusel | |
delete legacy docs/ folder | |||
2019-10-01 | delete legacy docs/ folder | Tim Meusel | |
We now have a REFERENCE.md in the repository. We don't need the docs/ folder anymore. | |||
2019-09-21 | Merge pull request #75 from Dan33l/move_common_init | Tim Meusel | |
move common from hiera data values to init.pp | |||
2019-09-18 | move common from hiera data values to init.pp | Fabien COMBERNOUS | |
2019-09-13 | [blacksmith] Bump version to 2.5.1-rc0 | Tim Meusel | |
2019-09-13 | Merge pull request #70 from Dan33l/release-2.5.0 | Tim Meusel | |
release 2.5.0 | |||
2019-09-13 | release 2.5.0 | Fabien COMBERNOUS | |
2019-09-13 | Merge pull request #73 from foxxx0/add-more-examples | Fabien COMBERNOUS | |
Add more examples | |||
2019-09-13 | Merge pull request #72 from foxxx0/fix-kernel-incompatibilities | Tim Meusel | |
fix kernel incompatibilities | |||
2019-09-13 | add conntrack/NOTRACK example | Thore Bödecker | |
2019-09-13 | fix kernel incompatibilities | Thore Bödecker | |
Certain kernel modules and thus iptables functionality was introduced at later releases, so we need to properly reflect that in our default chain initialization procedure: `INPUT` chain for `nat` table was introduced with 2.6.36; `ip6table_nat` kernel module for NAT functionality with IPv6 was introduced with 3.17. This commit implements the required conditional constraints and includes the rspec tests to validate it. | |||
2019-09-13 | Merge pull request #71 from bastelfreak/docs2 | Tim Meusel | |
enhance puppet-strings documentation | |||
2019-09-13 | enhance puppet-strings documentation | Tim Meusel | |
2019-09-12 | Merge pull request #69 from bastelfreak/debian | Fabien COMBERNOUS | |
readd Debian 9/10 support | |||
2019-09-12 | readd Debian 9/10 support | Tim Meusel | |
2019-09-12 | Merge pull request #68 from foxxx0/collect-chains-from-hiera | Tim Meusel | |
expose parameter to initialize custom chains | |||
2019-09-12 | Merge pull request #67 from foxxx0/allow-proto-array | Tim Meusel | |
allow using an array for $proto | |||
2019-09-11 | expose parameter to initialize custom chains | Thore Bödecker | |
Previously it was not possible to define custom chains with parameter, e.g. in order to collect them from hiera. This commit adds this functionality, just like it was already in place for ferm::rules. | |||
2019-09-11 | allow using an array for $proto | Thore Bödecker | |
This enables defining ferm::rule with multiple protocols at once, because using 'all' for $proto does not allow using $dport/$sport. | |||
2019-09-11 | Merge pull request #58 from voxpupuli/multi-table-support | Tim Meusel | |
add ability to configure rules in tables other than the default "filter" table | |||
2019-09-11 | add ability to define rules in tables != filter | Thore Bödecker | |
Previously it was neither possible to properly define custom chains nor to define rules in tables other than the default filter table. For various legitimate reasons it can be required to define rules in the raw, nat or mangle tables, e.g. to use NOTRACK or to configure DNAT/SNAT/MASQUERADE. Additionally it might come in handy to define custom chains to group certain rules and allow a more efficient evaluation for incoming packets by not cramming all rules into the filter/INPUT chain so that (worst-case) all packets need to traverse and evaluate all rules. I have tried to maintain backwards compatibility and to not change default filenames/paths so that it won't result in leftover obsolete unmanaged files from previous versions of this module. In order to improve the naming schema the rule $policy has been renamed to $action, however both parameters are available and optional now, with some sanity checks that require at most one of them and issuing a warning() for users of the now deprecated $policy parameter. All previous tests have been adapted to the changes, along with an additional set of tests for the new feature. Fixes #61 | |||
2019-09-09 | Merge pull request #59 from Dan33l/enable_acceptance | Fabien COMBERNOUS | |
enable acceptance and drop EOL ubuntu1404 | |||
2019-09-09 | enable acceptance | Fabien COMBERNOUS | |
2019-09-09 | drop EOL ubuntu1404 | Fabien COMBERNOUS | |
2019-09-09 | Merge pull request #65 from Dan33l/status_option | Tim Meusel | |
add missing status option for CentOS 6 init script | |||
2019-09-09 | add status option | Fabien COMBERNOUS | |
2019-09-09 | Merge pull request #62 from Dan33l/drop_debian_from_supported_oses | Tim Meusel | |
drop Debian from supported OSes | |||
2019-09-09 | drop Debian from supported OSes | Fabien COMBERNOUS | |
2019-09-02 | [blacksmith] Bump version to 2.4.1-rc0 | Tim Meusel | |
2019-09-02 | Merge pull request #56 from bastelfreak/rel240 | Tim Meusel | |
release 2.4.0 | |||
2019-09-02 | release 2.4.0 | Tim Meusel | |
2019-09-02 | Merge pull request #55 from bastelfreak/chains | Tim Meusel | |
allow preserving of chains in tables | |||
2019-09-02 | allow preserving of chains in tables | Thore Bödecker | |
2019-09-01 | Merge pull request #54 from bastelfreak/debian10 | Tim Meusel | |
Add Debian 10 support & make configdirectory configurable | |||
2019-09-01 | Add Debian 10 support & make configdirectory configurable | Tim Meusel | |
2019-08-31 | Merge pull request #52 from bastelfreak/docs | David Hollinger III | |
allow all supported iptables protocols & enhance puppet-strings documentation | |||
2019-08-31 | Merge pull request #53 from bastelfreak/freebsd | David Hollinger III | |
remove FreeBSD from supported OS list | |||
2019-08-31 | remove FreeBSD from supported OS list | Tim Meusel | |
This module only works on systems with a linux kernel and iptables. | |||
2019-08-31 | enhance puppet-strings documentation | Tim Meusel | |
2019-08-31 | allow all supported iptables protocols | Tim Meusel | |
2019-08-12 | Merge pull request #51 from kBite/allow-array-for-saddr-daddr | Tim Meusel | |
Allow array for saddr and daddr | |||
2019-08-09 | Update README.md | kBite | |
add missing 'a'. Co-Authored-By: Tim Meusel <tim@bastelfreak.de> | |||
2019-08-09 | add second pair of parentheses | Kilian Engelhardt | |
Previously this second pair of parentheses was part of Hiera values; e.g.: `subnet01 = '( ip01/32 ip02/32 )'`. Now it needs to be added by ferm::rule. | |||
2019-08-09 | add test for array support | Kilian Engelhardt | |
2019-08-09 | add example using Hiera subnet variables to README.md | Kilian Engelhardt | |
2019-08-08 | allow arrays for saddr and daddr | Kilian Engelhardt | |
check for data type IP address when using arrays; add debug output when it's failing | |||
2019-07-27 | Merge pull request #50 from voxpupuli/modulesync | Tim Meusel | |
modulesync 2.8.0 | |||
2019-07-27 | modulesync 2.8.0 | Tim Meusel | |
2019-07-12 | [blacksmith] Bump version to 2.3.1-rc0 | Tim Meusel | |