aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-02-09Linting.intrigeri
2013-02-09Allow not setting up masquerading in libvirt::host.intrigeri
2013-02-09libvirt::host: make debproxy port configurable.intrigeri
2013-01-02cleanup a merge issuemh
2013-01-02provide an easy option to still manage the source of the central conf filemh
2013-01-02Merge remote-tracking branch 'riseup/master'mh
Conflicts: files/shorewall.conf.CentOS.6 files/shorewall.conf.Debian.wheezy
2013-01-02Merge remote-tracking branch 'varac/master'mh
Conflicts: files/boilerplate/providers.footer files/boilerplate/providers.header manifests/base.pp manifests/providers.pp
2013-01-02Merge remote-tracking branch 'sarava/master'mh
Conflicts: manifests/base.pp manifests/init.pp
2013-01-02Revert "Support exempting some users from torification measures."intrigeri
This reverts commit 6bc54f031b9ae12fe428c83e70733c8b2ff4c67a. This stuff is not ready for the shared repo, but we want to take benefit from me having already merged immerda's stuff into my branch and solved the conflicts.
2013-01-02Revert "Allow redirecting DNS requests to Tor for specific users or globally."intrigeri
This reverts commit 0c28fa636653f395c756f56c93f8c78fddfcee00. This stuff is not ready for the shared repo, but we want to take benefit from me having already merged immerda's stuff into my branch and solved the conflicts.
2013-01-02Merge remote-tracking branch 'immerda/master'intrigeri
2013-01-01make it possible to exent nets for ipsecmh
2012-12-30Merge remote-tracking branch 'immerda/master'intrigeri
2012-12-11Because the puppet shorewall module uses concat::fragment assembly to put theMicah Anderson
final results in /etc/shorewall/puppet, we have to make sure the shorewall.conf is pointing to that directory to get those configurations. This commit fixes that.
2012-12-04actually it is not possible to provide the site-shorewall sources forMicah Anderson
shorewall.conf, because if they do not exist, you will get a puppet error. this commit removes them, and updates the README to provide instructions for how you can do it the old way, if you want
2012-12-04Stop shipping the default shorewall.conf file, instead we should let theMicah Anderson
operatingsystem package install its default config (this lets us stop having to keep this file updated), and instead tell people to configure their shorewall.conf file using the augeas method. It is possible still to distribute a shorewall.conf from a site-shorewall directory, however if the file is distributed, then it is not possible to use the augeas method. https://labs.riseup.net/code/issues/2738
2012-12-02Merge branch 'feature/libvirt-host'intrigeri
2012-12-02libvirt::host: don't accept FTP from VMs.intrigeri
It was meant to provide preseeding files over FTP, but the Debian installer has been supporting TFTP for a while, so no additional software is needed.
2012-11-25added providervarac
2012-11-25rtrules: added default priorityvarac
2012-11-25add rtrulesvarac
2012-11-11Update Wheezy's shorewall.conf to use the new configuration directory.intrigeri
Managed configuration files now live in /etc/shorewall/puppet.
2012-11-11Merge branch 'feature/torify-dns' into old-masterintrigeri
2012-11-11Merge branch 'feature/torification-exception' into old-masterintrigeri
2012-11-11Merge branch 'feature/libvirt-host' into old-masterintrigeri
2012-11-11Support exempting some users from torification measures.intrigeri
2012-11-11Allow redirecting DNS requests to Tor for specific users or globally.intrigeri
2012-11-11Import rough libvirt::host class.intrigeri
2012-11-11Merge remote-tracking branch 'riseup/master' into tmpintrigeri
Conflicts: manifests/init.pp
2012-10-02add ipsec_nat rule port 4500Andreas
2012-07-12update to latest upstreammh
2012-06-20put config file back to immerda versionMicah Anderson
2012-06-20fix config path, I think I merged that wrongMicah Anderson
2012-06-20Revert "Support exempting some users from torification measures."Micah Anderson
This reverts commit 6cb88973f53aa7d92414797dd21952c1c1d5da98.
2012-06-20Revert "fix for: Syntax error at [; expected ] at ↵Micah Anderson
/etc/puppet/modules/shorewall/manifests/init.pp:39" This reverts commit f072fb5d41026d8b4b5125f8d249b687225cb108.
2012-06-20changes in extension scripts should notify shorewall for a restartMicah Anderson
2012-06-20update extension-script to use a simple file resource, instead of doing a ↵Micah Anderson
managed file since it is never a fragement
2012-06-20update additions to concat module that were not in immerda branchMicah Anderson
2012-06-20fix for an incorrect mergeMicah Anderson
2012-06-20fix another merge issueMicah Anderson
2012-06-20Revert "Support exempting some users from torification measures."Micah Anderson
This reverts commit 6cb88973f53aa7d92414797dd21952c1c1d5da98.
2012-06-20Revert "fix for:"Micah Anderson
This reverts commit d3eb5ffc325bd13e103dc72143f78c050e149d29.
2012-06-20fixup some merge gaffsMicah Anderson
2012-06-20fix for: Syntax error at [; expected ] at ↵Micah Anderson
/etc/puppet/modules/shorewall/manifests/init.pp:39
2012-06-20fix for:Micah Anderson
err: Could not retrieve catalog from remote server: Error 400 on SERVER: Syntax error at '['; expected ']' at /etc/puppet/modules/shorewall/manifests/init.pp:39
2012-06-20Merge remote-tracking branch 'immerda/master' into riseupMicah Anderson
NOTE: the conflicts in the files/shorewall.conf.Debian.squeeze I resolved by favoring the actual debian squeeze shorewall.conf, there were a few options in the immerda one that were not the same. Conflicts: README files/shorewall.conf.Debian.squeeze manifests/base.pp manifests/blacklist.pp manifests/debian.pp manifests/host.pp manifests/init.pp manifests/interface.pp manifests/masq.pp manifests/nat.pp manifests/params.pp manifests/policy.pp manifests/proxyarp.pp manifests/rfc1918.pp manifests/routestopped.pp manifests/rule.pp manifests/rule_section.pp manifests/rules/out/ekeyd.pp manifests/zone.pp
2012-06-20Support exempting some users from torification measures.intrigeri
2012-06-18the rest will be included already by the clientmh
2012-06-13migrate away from hiera stuffmh
2012-06-08refactor things for >2.7mh