GitHub puppet-nftables
Puppet Module to manage nftables firewall rules.

Repo Checks (16 of 20 successful)

Metadata Valid: passed
Correct Puppet Version Range: passed (Supported Puppet version range is %{PUPPET_SUPPORT_RANGE})
With Puppet Version Range: passed (Puppet version range is present in requirements in metadata.json)
With Operatingsystem Support: passed
Operatingsystems: passed
Supports Only Current Centos: passed
Supports Latest Centos: passed
Supports Only Current Oraclelinux: passed
Supports Latest Oraclelinux: failed
Supports Only Current Redhat: passed
Supports Latest Redhat: passed
Supports Only Current Archlinux: failed
Supports Latest Archlinux: failed
In Modulesync Repo: passed (Is listed as a module managed using modulesync_config)
Synced: passed (Has a .msync.yml file)
Latest Modulesync: failed (Has been synchronized with the latest tagged version of modulesync_config)
Has Modulesync: passed (Is present in voxpupuli/modulesync_config/managed_modules.yml)
Released: passed (Is in modulesync_config and in forge releases.)
Valid Sync File: passed (If an (optional) sync file is present, it must not contain a `.travis.yml` entry.)
Reference Dot Md: passed (The repository has a REFERENCE.md. It needs to be generated / puppet-strings documentation is missing.)

Open Pull Requests

Example how to redirect one port to another
docs

Pull Request (PR) description

Add example how to redirect traffic from one port to another.

Open PR in GitHub
Allow netdev as table family in defined type nftables::chain

Hi all, we would like to use this module in combination with the netdev table family type.

Are there any objections?

This Pull Request (PR) fixes the following issues

n/a.

Open PR in GitHub
nftables::simplerule::dport - takes port ranges as part of the array

Pull Request (PR) description

Allows nftables::simplerule's dport to accept arrays of both ports and port ranges, and not just one or the other.

This Pull Request (PR) fixes the following issues

Fixes #188

Open PR in GitHub
Inline a file instead of using a source

This file contains just a single file, so it's faster to include it in the catalog. It also means a cached catalog if the puppetserver is unavailable.

Open PR in GitHub
Provide a mechanism to flush un-managed rules
enhancement

This patchset adds a new parameter to the main class to activate a mechanism that will invoke systemctl reload nftables during the Puppet run if manual changes to the in-memory ruleset are detected.

To accomplish this, the systemd unit in charge of nftables is configured to write a hash of the in-memory ruleset right after starting/reloading. During the Puppet run, the hash of the current rule set is compared to the one previously stored. If the hash differs then systemctl reload nftables is executed to flush manual changes.

Fixes #113

Open PR in GitHub
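The drift-detection mechanism described in the PR above, as an added example that is not code from the PR or from the puppet-nftables module: a reference hash of the ruleset is recorded after each start/reload, and the agent-side check reloads only when the current hash differs. It assumes coreutils sha256sum; in a real deployment the ruleset text would come from `nft list ruleset` and the state file would live on a persistent path, but every function reads the ruleset from stdin so the logic can be exercised with constructed input.

```shell
#!/bin/sh
# Added example, not code from the PR or the puppet-nftables module.
# Detects out-of-band edits to the in-memory nftables ruleset by comparing
# a stored digest with the digest of the ruleset supplied on stdin.
# Assumes coreutils sha256sum. A real capture would be `nft list ruleset`.

# Where the reference digest is kept. A temp file is used here so the demo
# runs anywhere; a real deployment would use a persistent path (hypothetical
# example: /var/lib/nftables/ruleset.sha256).
STATE_FILE="${STATE_FILE:-$(mktemp)}"
# Command run when drift is detected; the demo below overrides it.
RELOAD_CMD="${RELOAD_CMD:-systemctl reload nftables}"

# Print the SHA-256 digest of the ruleset text read from stdin.
ruleset_hash() {
    sha256sum | cut -d' ' -f1
}

# Store the digest of the ruleset on stdin as the reference. This is what the
# systemd unit would run right after starting/reloading nftables.
record_ruleset() {
    ruleset_hash > "$STATE_FILE"
}

# Return 0 when the ruleset on stdin matches the stored digest,
# 1 when it differs or when no reference has been recorded yet.
ruleset_unchanged() {
    [ -r "$STATE_FILE" ] || return 1
    [ "$(ruleset_hash)" = "$(cat "$STATE_FILE")" ]
}

# Agent-side check: read the ruleset on stdin and run RELOAD_CMD only when
# drift is detected. Prints "unchanged" or "reloaded".
flush_if_changed() {
    if ruleset_unchanged; then
        echo unchanged
    else
        eval "$RELOAD_CMD" && echo reloaded
    fi
}

# Demonstration on constructed rulesets (not captured from a real host).
BASELINE='table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
    }
}'
# Same ruleset with a manually added table, standing in for a hand edit.
TAMPERED="$BASELINE
table inet manual {
    chain extra {
    }
}"

# Dry run: do not touch the real service in the demo.
RELOAD_CMD='echo "would run: systemctl reload nftables" >/dev/null'
printf '%s\n' "$BASELINE" | record_ruleset      # unit records the reference
printf '%s\n' "$BASELINE" | flush_if_changed     # unchanged
printf '%s\n' "$TAMPERED" | flush_if_changed     # reloaded
```

After a real reload the unit records the new digest again, so the next Puppet run compares against the ruleset it just restored rather than the tampered one; the comparison is on the full `nft list ruleset` text, so any manual add, delete or reorder changes the digest.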