puppet-ferm/spec/defines, branch master

puppet-ferm/spec/defines, branch master Puppet module for ferm https://cgit.fluxo.info/puppet-ferm/atom?h=master 2021-10-31T17:42:03+00:00 rubocop: autofix 2021-10-31T17:42:03+00:00 Tim tim@bastelfreak.de 2021-10-31T17:42:03+00:00 urn:sha1:db73699faa6804744edc06924c43873ebb6f2932 delete legacy `policy` param in ferm::rule 2021-07-16T18:04:33+00:00 Tim Meusel tim@bastelfreak.de 2021-07-16T17:31:42+00:00 urn:sha1:e13e6c1ae0e1848051892d0306030a528b01524a use proper types and validations for port handling 2020-06-30T16:05:47+00:00 Thore Bödecker me@foxxx0.de 2020-06-25T15:07:07+00:00 urn:sha1:856eca997158141e084b9e8c2002d7491a4720a1 - implement validations for port ranges - add test cases for these scenarios use verbose multiport syntax for better compat 2020-06-25T16:40:52+00:00 Thore Bödecker me@foxxx0.de 2020-06-25T15:44:26+00:00 urn:sha1:945faf68871dfdb9f9521cdadcdecfef65634d4b The dports/sports shortcut is only supported starting with ferm v2.5 which was released very recently. In order to support a wider range of distributions and ferm versions, this commits switches to the more verbose version of the multiport features. implement multiport support for dport/sport 2020-06-22T14:17:13+00:00 Thore Bödecker me@foxxx0.de 2020-06-22T13:53:06+00:00 urn:sha1:e048afaec245b19ed8a94a8e2e893c9c9b4e47e6 Allow adding custom ferm dsl for subchains. This is important for using complex iptable rules that are currently not supported by this module or would be very hard to manage just using puppet. 2020-05-07T04:27:49+00:00 Rehan Mahmood rehanone@gmail.com 2020-05-04T18:11:05+00:00 urn:sha1:6be13799d8a2ee49c3af88ffd7a474c39f1475e3 implement ipset support 2019-10-01T14:27:42+00:00 Tim Meusel tim@bastelfreak.de 2019-09-30T12:51:12+00:00 urn:sha1:d4b8909eab6194da389b121e46137da7618eb45c readd Debian 9/10 support 2019-09-12T20:54:38+00:00 Tim Meusel tim@bastelfreak.de 2019-09-12T13:01:58+00:00 urn:sha1:221c45769e56ffda0ac82bd035e0ef5f37706836 allow using an array for $proto 2019-09-11T14:01:32+00:00 Thore Bödecker me@foxxx0.de 2019-09-11T14:01:32+00:00 urn:sha1:3d868fb81532d717fd625638781e4663a834260c This enables defining ferm::rule with multiple protocols at once, because using 'all' for $proto does not allow using $dport/$sport. add ability to define rules in tables != filter 2019-09-11T11:20:35+00:00 Thore Bödecker me@foxxx0.de 2019-09-03T09:56:58+00:00 urn:sha1:882a45498ddefdfc83ff5b19da723fd0be3acdec Previously it was neither possible to properly define custom chains nor to define rules in tables other than the default filter table. For various legitimate reasons it can be required to define rules in the raw, nat or mangle tables, e.g. to use NOTRACK or to configure DNAT/SNAT/MASQUERADE. Additionally it might come in handy to define custom chains to group certain rules and allow a more efficient evaluation for incoming packets by not cramming all rules into the filter/INPUT chain so that (worst-case) all packets need to traverse and evaluate all rules. I have tried to maintain backwards compatibility and to not change default filenames/paths so that it won't result in leftover obsolete unmaged files from previous versions of this module. In order to improve the naming schema the rule $policy has been renamed to $action, however both parameters are available and optional now, with some sanity checks that require at most one of them and issueing a warning() for users of the now deprecated $policy parameter. All previous tests have been adapted to the changes, a long with an additional set of tests for the new feature. Fixes #61