Age | Commit message | Author | |
---|---|---|---|
2015-07-16 | shorewall::mangle: allow specifying the ACTION explicitly. | intrigeri | |
Previously, it was using $name, which prevented adding multiple mangle rules that share a common ACTION, with different parameters. | |||
2015-07-08 | fixed code indentation, added gitlab shared remote | varac | |
2015-07-08 | moved README to README.md so it hopefully renders as markdown in gitlab now | varac | |
2015-05-08 | Make sure MUNINCOLLECTOR join() gets an array in munin rule | Jerome Charaoui | |
2015-04-17 | Add GPLv3 license | Micah Anderson | |
2015-03-02 | Merge branch 'bugfix/Fix_DHCP_for_libvirt' into 'master' | Jerome Charaoui | |
Fix dhcp for libvirt This branch uses the mangle table support added by the feature/Add_support_for_mangle_table branch to fix the libvirt DHCP when broken by recent kernel. It fills the checksum of this kind of packets on the libvirt interface. This patch shouldn't break older setup, and is implemented so that it can be disabled. See merge request !2 | |||
2015-03-02 | Merge branch 'feature/Add_support_for_mangle_table' into 'master' | Jerome Charaoui | |
Add support for mangle table. When using the kernel from Debian Wheezy-backports (3.16.0-0.bpo.4-amd64), we encountered a bug where shorewall was breaking the libvirt DHCP if restarted after it. It seems that one has to add a rule in the POSTROUTING chain of the mangle table to --checksum-fill the DHCP packets for them to be properly caught by the VMs DHCP clients. So we had to add support of the mangle table to the shared puppet module to fix that. This patch does just that, and is meant to be used by the other branch I'll propose after. See merge request !1 | |||
2015-02-27 | Fix DHCP from $vmz. | bertagaz | |
On newer kernel (tested on 3.16), the libvirt and shorewall iptables rules have conflicts that need to be fixed by enabling back --checksum-fill on $vmz, otherwise the VMs can't get a DHCP lease. | |||
2015-02-27 | Add support for the mangle table. | bertagaz | |
2013-06-14 | Merge remote-tracking branch 'intrigeri/feature/libvirt-host' | Micah Anderson | |
2013-03-23 | linting | mh | |
2013-03-23 | only manage the config_path if we do not manage the config file | mh | |
2013-03-23 | linting the init.pp | mh | |
2013-03-23 | use the centos class on centos based systems | mh | |
2013-03-23 | with the latest updates on EL6 this is needed | mh | |
2013-03-02 | fixed leftovers from concat_file in rtrules.pp and tunnel.pp | varac | |
2013-02-23 | remove the class requirement in the augeas block, it is handled by the top-level require | Micah Anderson | |
2013-02-23 | change the 'include augeas' to a 'require augeas' | Micah Anderson | |
2013-02-20 | add requirement for augeas module | Micah Anderson | |
2013-02-12 | augeas definition needs to make sure the shorewall package is installed before it tries to run | Micah Anderson | |
2013-02-09 | Linting. | intrigeri | |
2013-02-09 | Allow not setting up masquerading in libvirt::host. | intrigeri | |
2013-02-09 | libvirt::host: make debproxy port configurable. | intrigeri | |
2013-01-24 | fix missing dependency on augeas | Micah Anderson | |
make sure that the augeas class has been applied before attempting to do any augeas operations. without this, you will non-deterministically get: err: /Stage[main]/Shorewall::Base/Augeas[shorewall_module_config_path]: Could not evaluate: Save failed with return code false | |||
2013-01-02 | cleanup a merge issue | mh | |
2013-01-02 | provide an easy option to still manage the source of the central conf file | mh | |
2013-01-02 | Merge remote-tracking branch 'riseup/master' | mh | |
Conflicts: files/shorewall.conf.CentOS.6 files/shorewall.conf.Debian.wheezy | |||
2013-01-02 | Merge remote-tracking branch 'varac/master' | mh | |
Conflicts: files/boilerplate/providers.footer files/boilerplate/providers.header manifests/base.pp manifests/providers.pp | |||
2013-01-02 | Merge remote-tracking branch 'sarava/master' | mh | |
Conflicts: manifests/base.pp manifests/init.pp | |||
2013-01-02 | Revert "Support exempting some users from torification measures." | intrigeri | |
This reverts commit 6bc54f031b9ae12fe428c83e70733c8b2ff4c67a. This stuff is not ready for the shared repo, but we want to take benefit from me having already merged immerda's stuff into my branch and solved the conflicts. | |||
2013-01-02 | Revert "Allow redirecting DNS requests to Tor for specific users or globally." | intrigeri | |
This reverts commit 0c28fa636653f395c756f56c93f8c78fddfcee00. This stuff is not ready for the shared repo, but we want to take benefit from me having already merged immerda's stuff into my branch and solved the conflicts. | |||
2013-01-02 | Merge remote-tracking branch 'immerda/master' | intrigeri | |
2013-01-01 | make it possible to exent nets for ipsec | mh | |
2012-12-30 | Merge remote-tracking branch 'immerda/master' | intrigeri | |
2012-12-11 | Because the puppet shorewall module uses concat::fragment assembly to put the | Micah Anderson | |
final results in /etc/shorewall/puppet, we have to make sure the shorewall.conf is pointing to that directory to get those configurations. This commit fixes that. | |||
2012-12-04 | actually it is not possible to provide the site-shorewall sources for | Micah Anderson | |
shorewall.conf, because if they do not exist, you will get a puppet error. this commit removes them, and updates the README to provide instructions for how you can do it the old way, if you want | |||
2012-12-04 | Stop shipping the default shorewall.conf file, instead we should let the | Micah Anderson | |
operatingsystem package install its default config (this lets us stop having to keep this file updated), and instead tell people to configure their shorewall.conf file using the augeas method. It is possible still to distribute a shorewall.conf from a site-shorewall directory, however if the file is distributed, then it is not possible to use the augeas method. https://labs.riseup.net/code/issues/2738 | |||
2012-12-02 | Merge branch 'feature/libvirt-host' | intrigeri | |
2012-12-02 | libvirt::host: don't accept FTP from VMs. | intrigeri | |
It was meant to provide preseeding files over FTP, but the Debian installer has been supporting TFTP for a while, so no additional software is needed. | |||
2012-11-25 | added provider | varac | |
2012-11-25 | rtrules: added default priority | varac | |
2012-11-25 | add rtrules | varac | |
2012-11-11 | Update Wheezy's shorewall.conf to use the new configuration directory. | intrigeri | |
Managed configuration files now live in /etc/shorewall/puppet. | |||
2012-11-11 | Merge branch 'feature/torify-dns' into old-master | intrigeri | |
2012-11-11 | Merge branch 'feature/torification-exception' into old-master | intrigeri | |
2012-11-11 | Merge branch 'feature/libvirt-host' into old-master | intrigeri | |
2012-11-11 | Support exempting some users from torification measures. | intrigeri | |
2012-11-11 | Allow redirecting DNS requests to Tor for specific users or globally. | intrigeri | |
2012-11-11 | Import rough libvirt::host class. | intrigeri | |
2012-11-11 | Merge remote-tracking branch 'riseup/master' into tmp | intrigeri | |
Conflicts: manifests/init.pp |