All notable changes to this project will be documented in this file. Each new release typically also includes the latest modulesync defaults. These should not affect the functionality of the module.
v2.0.0 (2021-06-01)
Breaking changes:
- Drop Puppet 5, puppetlabs/concat 7.x, puppetlabs/stdlib 7.x, camptocamp/systemd: 3.x #92 (traylenator)
- Drop Puppet 5 support #79 (kenyon)
Implemented enhancements:
- Ability to set base chains #95
- puppetlabs/concat: Allow 7.x #91 (bastelfreak)
- puppetlabs/stdlib: Allow 7.x #90 (bastelfreak)
- camptocamp/systemd: allow 3.x #89 (bastelfreak)
Fixed bugs:
- Fix IPv4 source address type detection #93 (nbarrientos)
Closed issues:
- Class[Nftables::Bridges]['bridgenames'] contains a Regexp value. It will be converted to the String '/^br.+/' #83
Merged pull requests:
- Allow creating a totally empty firewall #96 (nbarrientos)
- Amend link to Yasnippets #88 (nbarrientos)
v1.3.0 (2021-03-25)
Implemented enhancements:
- Add rules for QEMU/libvirt guests (bridged virtual networking) #85 (nbarrientos)
- Add nftables.version to structured fact. #84 (traylenator)
- Add rules for Apache ActiveMQ #82 (nbarrientos)
- Add Docker-CE default rules #80 (luisfdez)
Merged pull requests:
- Fix sections and add a pointer to code snippets for Emacs #81 (nbarrientos)
v1.2.0 (2021-03-03)
Implemented enhancements:
Fixed bugs:
- nftables service is broken after reboot #74
- fix #74 - ensure tables are initialized before flushing them #75 (duritong)
v1.1.1 (2021-01-29)
Fixed bugs:
- Simplerule: wrong IP protocol version filter statement for IPv6 traffic #69
- Fix IP version filter for IPv6 traffic #70 (nbarrientos)
Merged pull requests:
- Improve nftables::rule's documentation #68 (nbarrientos)
v1.1.0 (2021-01-25)
Implemented enhancements:
- Enable parameter_documentation lint #64 (traylenator)
- Add Samba in rules #62 (glpatcern)
- Add some mail related outgoing rules #60 (duritong)
Fixed bugs:
- nftables::simplerule should follow the same rules as nftables::rule #58
- Align simplerule and rule rulename requirements #59 (nbarrientos)
Closed issues:
- Get it under the voxpupuli umbrella #35
Merged pull requests:
- Add badges to README #63 (traylenator)
- Check that all the predefined rules are declared in the all rules acceptance test #53 (nbarrientos)
v1.0.0 (2020-12-15)
Breaking changes:
Implemented enhancements:
- Use Stdlib::Port everywhere in place of Integer #56 (traylenator)
- Enable Puppet 7 support #51 (bastelfreak)
- Several fixes for nftables::config #48 (nbarrientos)
- rubocop corrections #41 (traylenator)
- Add basic configuration validation acceptance test #38 (traylenator)
- Remove duplicate flush on reload #34 (traylenator)
- Add nftables::simplerule #33 (nbarrientos)
- Add Ceph and NFS rules #32 (dvanders)
- New parameter noflush_tables to selectively skip flush #31 (traylenator)
- Scientific Linux 8 will never exist #30 (traylenator)
- Enable conntrack in FORWARD #29 (keachi)
- Do not test nftables::rules repeatedly #28 (traylenator)
- Allow sourcing sets from Hiera #26 (nbarrientos)
- Allow disabling default NAT tables and chains #25 (nbarrientos)
- Set a customisable rate limit to the logging rules #22 (nbarrientos)
- Make masking Service['firewalld'] optional #20 (nbarrientos)
- Move ICMP stuff to separate classes allowing better customisation #16 (nbarrientos)
- Move conntrack rules from global to INPUT and OUTPUT #14 (nbarrientos)
- Add comments for all the nftable::rules entries #13 (traylenator)
- Allow tables to add comments to $log_prefix #12 (nbarrientos)
- Reload rules atomically and verify rules before deploy #10 (traylenator)
- Allow raw sets and dashes in set names #8 (nbarrientos)
- Add a parameter to control the fate of discarded traffic #7 (nbarrientos)
- Add rules for afs3_callback in and out rules for kerberos and openafs. #6 (traylenator)
- Allow customising the log prefix #5 (nbarrientos)
- Add classes encapsulating rules for DHCPv6 client traffic (in/out) #4 (nbarrientos)
- Add support for named sets #3 (nbarrientos)
- New parameter out_all, default false #1 (traylenator)
Fixed bugs:
- Correct nfs3 invalid udp/tcp matching rule and more tests #50 (traylenator)
- Prefix custom tables with custom- so they're loaded #47 (nbarrientos)
- Correct bad merge #15 (traylenator)
Closed issues:
- deploying custom tables is broken #45
- Switch to Stdlib::Port everywhere #37
- Add set definition from Hiera #24
- Add an option to disable NAT #23
- Add an option to limit the rate of logged messages #19
- Rule API #17
- Publish to forge.puppet.com #11
- The global chain contains INPUT specific rules #9
- The fate of forbidden packets should be configurable #2
Merged pull requests:
- Docs for nftables::set #55 (traylenator)
- Remove a blank separating the doc string and the code #52 (nbarrientos)
- Release 1.0.0 #49 (traylenator)
- Correct layout of ignore table example #44 (traylenator)
- Fix typos and formatting in the README #43 (nbarrientos)
- Comment why firewalld_enable parameter is required #40 (traylenator)
- modulesync 4.0.0 #36 (traylenator)
- Refresh REFERENCE #27 (traylenator)
* This Changelog was automatically generated by github_changelog_generator