GitHub puppet-nftables
Puppet Module to manage nftables firewall rules.

Repo Checks (12 of 13 successful)
Metadata Valid
No translation
passed
Correct Puppet Version Range
Supported Puppet version range is %{PUPPET_SUPPORT_RANGE}
passed
With Puppet Version Range
Puppet version range is present in requirements in metadata.json
passed
With Operatingsystem Support
No translation
passed
Supports Only Current Centos
No translation
passed
Supports Latest Centos
No translation
passed
In Modulesync Repo
Is listed as a module managed using modulesync_config
passed
Synced
Has a .msync.yml file
passed
Latest Modulesync
Has been synchronized with the latest tagged version of modulesync_config
failed
Has Modulesync
Is present in voxpupuli/modulesync_config/managed_modules.yml
passed
Released
Is in modulesync_config and in forge releases.
passed
Valid Sync File
If a (optional) sync file is present, it must not contain a `.travis.yml` entry.
passed
Reference Dot Md
The repository has a REFERENCE.md. It needs to be generated / puppet-strings documentation is missing.
passed

Open Pull Requests

WIP: Add support for Debian
enhancement

One thing I haven't figured out yet is how to fix the tests for Debian. I have added the defaults for the OS in data/os/Debian.yaml, but they do not seem to be used.

Pull Request (PR) description

Adds support for Debian Buster (10).

This Pull Request (PR) fixes the following issues

Fixes #65

Use protocol number instead of label
enhancement

Pull Request (PR) description

The label was ospf and will be ospfigp in the future. Instead of creating a map, use the protocol number to be compatible with newer versions.

This Pull Request (PR) fixes the following issues

Fixes #111

Provide a mechanism to flush un-managed rules
enhancement

This patchset adds a new parameter to the main class to activate a mechanism that will invoke systemctl reload nftables during the Puppet run if manual changes to the in-memory ruleset are detected.

To accomplish this, the systemd unit in charge of nftables is configured to write a hash of the in-memory ruleset right after starting/reloading. During the Puppet run, the hash of the current rule set is compared to the one previously stored. If the hash differs then systemctl reload nftables is executed to flush manual changes.

Fixes #113
