Age | Commit message | Author | |
---|---|---|---|
2021-07-16 | delete legacy `policy` param in ferm::rule | Tim Meusel | |
2021-06-28 | Enable users to the package ensure | Tim Meusel | |
2021-06-28 | Add support for opensuse | Rehan Mahmood | |
This however can only be done using `install_method = vcsrepo` as the ferm itself is not in the OS repos. | |||
2021-06-28 | enhance spec coverage | Tim Meusel | |
2021-06-28 | rubocop: autofix | Tim Meusel | |
2021-02-16 | add test for numeric value protocols | Kilian Engelhardt | |
2021-02-09 | drop unneeded manage_initfile param | Tim Meusel | |
2021-02-09 | Drop EoL CentOS 6 support | Tim Meusel | |
2020-10-28 | modulesync 3.1.0 | Tim Meusel | |
2020-06-30 | add type_aliases tests for the other ferm types | Thore Bödecker | |
2020-06-30 | use proper types and validations for port handling | Thore Bödecker | |
- implement validations for port ranges - add test cases for these scenarios | |||
2020-06-25 | use verbose multiport syntax for better compat | Thore Bödecker | |
The dports/sports shortcut is only supported starting with ferm v2.5, which was released very recently. In order to support a wider range of distributions and ferm versions, this commit switches to the more verbose version of the multiport features. | |||
2020-06-22 | implement multiport support for dport/sport | Thore Bödecker | |
2020-05-18 | add install_method parameter | Fabien COMBERNOUS | |
2020-05-07 | Allow adding custom ferm dsl for subchains. This is important for using ↵ | Rehan Mahmood | |
complex iptable rules that are currently not supported by this module or would be very hard to manage just using puppet. | |||
2020-04-21 | make dropping of packets marked as invalid optional | Tim Meusel | |
2020-04-21 | use dedicated conntrack parameters | Fabien COMBERNOUS | |
2020-04-07 | Use voxpupuli-acceptance | Ewoud Kohl van Wijngaarden | |
2020-02-11 | cleanup spec_helper.rb | Tim Meusel | |
2020-02-11 | modulesync 3.0.0 | Tim Meusel | |
2019-12-06 | modulesync 2.9.0 | Dennis Hoppe | |
2019-10-29 | revert PR81 | Fabien COMBERNOUS | |
2019-10-01 | implement ipset support | Tim Meusel | |
2019-10-01 | disable conntrack filtering in FORWARD/OUTPUT | Thore Bödecker | |
conntrack filtering basically doesn't work in those chains, so we need to disable it. | |||
2019-09-13 | fix kernel incompatibilities | Thore Bödecker | |
Certain kernel modules and thus iptables functionality were introduced at later releases, so we need to properly reflect that in our default chain initialization procedure. `INPUT` chain for `nat` table was introduced with 2.6.36. `ip6table_nat` kernel module for NAT functionality with IPv6 was introduced with 3.17. This commit implements the required conditional constraints and includes the rspec tests to validate it. | |||
2019-09-12 | readd Debian 9/10 support | Tim Meusel | |
2019-09-11 | allow using an array for $proto | Thore Bödecker | |
This enables defining ferm::rule with multiple protocols at once, because using 'all' for $proto does not allow using $dport/$sport. | |||
2019-09-11 | add ability to define rules in tables != filter | Thore Bödecker | |
Previously it was neither possible to properly define custom chains nor to define rules in tables other than the default filter table. For various legitimate reasons it can be required to define rules in the raw, nat or mangle tables, e.g. to use NOTRACK or to configure DNAT/SNAT/MASQUERADE. Additionally it might come in handy to define custom chains to group certain rules and allow a more efficient evaluation for incoming packets by not cramming all rules into the filter/INPUT chain so that (worst-case) all packets need to traverse and evaluate all rules. I have tried to maintain backwards compatibility and to not change default filenames/paths so that it won't result in leftover obsolete unmanaged files from previous versions of this module. In order to improve the naming schema the rule $policy has been renamed to $action, however both parameters are available and optional now, with some sanity checks that require at most one of them and issuing a warning() for users of the now deprecated $policy parameter. All previous tests have been adapted to the changes, along with an additional set of tests for the new feature. Fixes #61 | |||
2019-09-09 | enable acceptance | Fabien COMBERNOUS | |
2019-09-02 | allow preserving of chains in tables | Thore Bödecker | |
2019-09-01 | Add Debian 10 support & make configdirectory configurable | Tim Meusel | |
2019-08-09 | add second pair of parentheses | Kilian Engelhardt | |
Previously this second pair of parentheses was part of Hiera values; e.g.: subnet01 = '( ip01/32 ip02/32 )'. Now it needs to be added by ferm::rule. | |||
2019-08-09 | add test for array support | Kilian Engelhardt | |
2019-07-27 | modulesync 2.8.0 | Tim Meusel | |
2019-07-11 | add support for interface specific rules | Tim Meusel | |
2019-07-11 | enhance unit tests | Tim Meusel | |
2019-04-06 | modulesync 2.7.0 | Tim Meusel | |
2019-04-05 | add test for RedHat-like to contain init script | Kilian Engelhardt | |
2019-01-24 | modulesync 2.5.1 | Tim Meusel | |
2018-12-19 | Implement logging to kernel log | Tim Meusel | |
2018-12-04 | modulesync 2.3.1 | Tim Meusel | |
2018-07-11 | rubocop: autofix | Tim Meusel | |
2018-07-11 | disable rule caching on ubuntu | Tim Meusel | |
Fixes #16. Ubuntu caches rules. This doesn't allow us to reload the daemon and to apply new rules. Also this is an Ubuntu-only feature, it works well on all other platforms without cache. | |||
2018-07-11 | add official ubuntu support | Tim Meusel | |
2018-05-22 | Remove docker nodesets | Tim Meusel | |
2018-05-20 | modulesync 1.9.2 | Tim Meusel | |
2018-03-23 | modulesync 1.9.0 | TraGicCode | |
2018-03-17 | add test to verify chains do not use conntrack | Kilian Engelhardt | |
2018-03-15 | initial commit | Tim Meusel | |