Add `ferm::ipsets` parameter to enable configuration of `ferm::ipset` resources via Hiera.
It's basically the same as `ferm::rules` and `ferm::chains`.
I successfully tested negation with 'saddr', 'daddr', 'sport', and 'dport' using ferm v2.6.
The new parameter `negate` takes String as well as Array.

```yaml
'forward_accept_rfc1918':
  chain: 'DOCKER-USER'
  action: 'ACCEPT'
  proto: 'tcp'
  saddr:
    - '10.0.0.0/8'
  negate: 'saddr'
```

```yaml
'forward_accept_rfc1918':
  chain: 'DOCKER-USER'
  action: 'ACCEPT'
  proto: 'tcp'
  saddr:
    - '10.0.0.0/8'
  negate:
    - 'saddr'
```
This PR adds `match` parameter to `ipset` resource to enable matching `dst` against ipsets.
By default its value is `src`, thus making it (backwards) compatible with existing configurations.
modulesync 5.3.0