modulesync 9.1.0
Hi all, we would like to use this module in combination with the netdev table family type.
Are there any objections?
n/a.
Correction of a too general regex concerning bridge names.
Some bridges could be tagged, for example `br123:0`, and then could be taken by the regexp, generating an invalid config and dropping error: `syntax error, unexpected colon, expecting newline or semicolon`.
n/a
This could be considered a breaking change. I don't mind keeping it open until the next major release.
I know the whole concept of nat and IPv6 can seem a bit odd, but I am indeed using it. Having a source nat rule that parallels the snat4 rule would suit me well.
Warning: This is mostly a copy and paste job, so there may be some comedy hiding somewhere.
n/a
This patchset adds a new parameter to the main class to activate a mechanism that will invoke `systemctl reload nftables` during the Puppet run if manual changes to the in-memory ruleset are detected.
To accomplish this, the systemd unit in charge of nftables is configured to write a hash of the in-memory ruleset right after starting/reloading. During the Puppet run, the hash of the current rule set is compared to the one previously stored. If the hash differs then `systemctl reload nftables` is executed to flush manual changes.
Fixes #113
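
As an added example (not code from this pull request or from the module): a POSIX shell version of the hash comparison described above. The hash file path, the choice of SHA-256, and the `HASH_FILE`, `LIST_CMD` and `RELOAD_CMD` variables are assumptions.

```shell
#!/bin/sh
# Added example: drift check for the in-memory nftables ruleset.
# Assumptions (not the module's own values): hash file path, SHA-256 digest,
# and the three overridable variables below.
HASH_FILE="${HASH_FILE:-/run/nftables-ruleset.sha256}"   # keep writable by root only
LIST_CMD="${LIST_CMD:-nft -s list ruleset}"   # -s omits counters, so traffic alone never changes the hash
RELOAD_CMD="${RELOAD_CMD:-systemctl reload nftables}"

# Print the digest of the current in-memory ruleset; fail if it cannot be listed.
ruleset_hash() {
    out=$($LIST_CMD) || return 1
    printf '%s\n' "$out" | sha256sum | cut -d' ' -f1
}

# Record the digest; meant to run right after the unit starts or reloads.
store_hash() {
    h=$(ruleset_hash) || return 1
    tmp="${HASH_FILE}.$$"
    ( umask 077; printf '%s\n' "$h" > "$tmp" ) && mv -f "$tmp" "$HASH_FILE"
}

# Return 0 if the ruleset matches the stored digest, 1 on drift, 2 if unknown.
check_drift() {
    [ -r "$HASH_FILE" ] || return 2
    current=$(ruleset_hash) || return 2
    [ "$current" = "$(cat "$HASH_FILE")" ]
}

# Reload (flushing manual changes) only when drift is detected.
reconcile() {
    rc=0
    check_drift || rc=$?
    case $rc in
        0) echo "in-sync" ;;
        1) $RELOAD_CMD && store_hash && echo "reloaded" ;;
        *) echo "unknown" >&2; return 2 ;;
    esac
}

# Stand-alone use: "store" after start/reload, "check" during the configuration run.
case "${1:-}" in
    store) store_hash ;;
    check) reconcile ;;
esac
```

A missing or unreadable hash file is reported as unknown rather than treated as a match, so a deleted hash cannot hide manual changes.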
With specified `nftables::log_group` log messages will be sent to appropriate NFLOG group.
The options `flags` and `group` are mutually exclusive.
with

```yaml
nftables::log_group: 1
```

the rule should look like this:

```
limit rate 3/minute log prefix "[nftables] OUTPUT Rejected: " group 1
```