summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-11-09Merge remote-tracking branch 'shared/master'HEADmasterkwadronaut
2018-05-02Add missing parameter in host.ppJérôme Charaoui
2018-05-02Merge branch 'libvirt-puppet4' into 'master'Jérôme Charaoui
Puppet 4 compatibility. See merge request shared-puppet-modules-group/shorewall!15
2018-04-05Puppet 4 compatibility.intrigeri
2018-04-05Merge branch 'SECTION' into 'master'intrigeri
This fixes the ?SECTION change. See merge request shared-puppet-modules-group/shorewall!14
2018-04-05Merge branch 'routefilter' into 'master'intrigeri
routefilter is also not an ipv6 possible option See merge request shared-puppet-modules-group/shorewall!13
2018-03-24This fixes the ?SECTION change.Micah Anderson
The change requiring ? before SECTION happened in 4.6.0. Our check was only looking at the major version to see if it was 4, and if so, it would not add the ?. This was too imprecise and would not add the ? in versions of shorewall 4.6 and greater. So this commit will change that check to be more specific.
2018-03-24The blacklist option should not be set by default, it should only be added whenMicah Anderson
you are actually going to blacklist things. Otherwise you get this warning from shorewall_check each day: WARNING: There are interfaces or zones with the 'blacklist' option, but the 'blacklist' file is either missing or has zero size Also, the README for this module notes that this option is deprecated upstream, and so we should remove it.
2018-03-23routefilter is also not a valid ipv6 optionMicah Anderson
2018-03-23Merge branch 'fix_8' into 'master'Micah
Remove $puppetserver_signport, fixes #8 Closes #8 See merge request shared-puppet-modules-group/shorewall!12
2018-02-16Remove $puppetserver_signport, fixes #8Jerome Charaoui
ng  lavamind: this is an acient relict, where there was a problem signing through apache ng  and then we had a mongrel running on that port
2018-01-13Merge remote-tracking branch 'origin/master' into immerda_mergeMicah Anderson
2018-01-13Merge remote-tracking branch 'immerda/master' into immerda_mergeMicah Anderson
2018-01-09Merge branch 'concat_update' into 'master'Jérôme Charaoui
Concat update See merge request shared-puppet-modules-group/shorewall!11
2018-01-09Don't transitively pass $ensure parameter to concat::fragmentintrigeri
Follow up on commit 851c51659961724a1457e3de1bbe9591390b1e82.
2017-11-22Don't pass $ensure parameter to concat::fragmentJerome Charaoui
It has been removed in the latest version of puppetlabs-concat
2017-11-02switch to the new facts hashmh
2017-09-24lintingmh
2017-09-24make sure shorewall6 is started after shorewallmh
as inserting fw rules into iptables can't be properly serialized. This is a backport of a fix that went into shorewall 5.1.6 by commit 0603f8e355b19ca88d2a7ad6f181767092e02e00 in the shorewall repository.
2017-08-30make ipv6 tuneablemh
2017-08-29correctly set shorewall6 option for puppetserver configmh
2017-08-29fix param namemh
2017-08-29there is no ipv6 support there yetmh
2017-08-24make sure we also en/disable it based on the right settingmh
2017-08-24delete the old waymh
2017-08-24workaround a bug in facter that sets ipaddress6 to ipv4 addressesmh
2017-08-03make it possible to set v6 and v6 puppetservermh
2017-07-19add mosh supportmh
2017-07-06to make the previous commit work, we should also remove the ensure from fragmentmh
2017-07-05lintingmh
2017-07-05make ensure a noop for concat::framet, as from puppetlabs-concat 4.0.1 on ↵mh
this is removed and concat purges non-managed fragments
2017-06-23fix filename renameMicah Anderson
2017-06-23Merge branch 'master' into puppet4Micah Anderson
2017-05-21remove an unnecessary depmh
2017-05-08try to be extra cautious when restarting and do it with the try, so nothing ↵mh
breaks if something is broken that is not connected at compile time
2017-05-08don't notify the servicemh
2017-05-01correct snippetmh
2017-05-01this is IPv4 only so farmh
2017-05-01also support EL6 style filesmh
2017-05-01add missing package for EL6mh
2017-04-25add missing filemh
2017-04-25we should start managing also that filemh
2017-04-25manage policies for shorewall6mh
2017-04-25make it possibble to disable ipv6 for these rulesmh
2017-04-25enable shorewall6 rules by defaultmh
2017-04-25suffix it with _IP6, so we can have duplicate definitions with IPv4 shorewallmh
2017-04-25suffix it with _IP6, so we can have duplicate definitions with IPv4 shorewallmh
2017-04-15lintingmh
2017-04-09minor lintingmh
2017-04-09make it possible to manage rules for ipv4 & ipv6 + add some more modern ↵mh
headers for certain versions