summaryrefslogtreecommitdiff
path: root/manifests/rules
AgeCommit message (Collapse)Author
2016-09-23add tor out rulemh
2015-12-05add razor rulesmh
2015-12-05indentationmh
2015-12-05there might be people who don't have a stun servermh
2015-12-05lintingmh
2015-12-05a cleaner namingmh
2015-12-05add rule for stuno
2015-12-05add rule for openvpno
2015-12-05manage new and legacy ports of managesievemh
2015-12-05add rules for pyzormh
2015-12-05make it easier to override behaviour of the dns rulesmh
2015-12-05fix definemh
2015-12-05migrate ipsec rules to a define so we can specify multiple zonesmh
2015-07-16shorewall::rules::libvirt::host: adjust to changes in shorewall::mangle.intrigeri
That is, make the resource's title more unique by including the destination interface in it, and accordingly pass the desired action via the new, dedicated parameter.
2015-05-08Make sure MUNINCOLLECTOR join() gets an array in munin ruleJerome Charaoui
2015-02-27Fix DHCP from $vmz.bertagaz
On newer kernel (tested on 3.16), the libvirt and shorewall iptables rules have conflicts that need to be fixed by enabling back --checksum-fill on $vmz, otherwise the VMs can't get a DHCP lease.
2013-02-09Linting.intrigeri
2013-02-09Allow not setting up masquerading in libvirt::host.intrigeri
2013-02-09libvirt::host: make debproxy port configurable.intrigeri
2013-01-02Revert "Support exempting some users from torification measures."intrigeri
This reverts commit 6bc54f031b9ae12fe428c83e70733c8b2ff4c67a. This stuff is not ready for the shared repo, but we want to take benefit from me having already merged immerda's stuff into my branch and solved the conflicts.
2013-01-02Revert "Allow redirecting DNS requests to Tor for specific users or globally."intrigeri
This reverts commit 0c28fa636653f395c756f56c93f8c78fddfcee00. This stuff is not ready for the shared repo, but we want to take benefit from me having already merged immerda's stuff into my branch and solved the conflicts.
2013-01-02Merge remote-tracking branch 'immerda/master'intrigeri
2013-01-01make it possible to exent nets for ipsecmh
2012-12-30Merge remote-tracking branch 'immerda/master'intrigeri
2012-12-02Merge branch 'feature/libvirt-host'intrigeri
2012-12-02libvirt::host: don't accept FTP from VMs.intrigeri
It was meant to provide preseeding files over FTP, but the Debian installer has been supporting TFTP for a while, so no additional software is needed.
2012-11-11Merge branch 'feature/torify-dns' into old-masterintrigeri
2012-11-11Merge branch 'feature/torification-exception' into old-masterintrigeri
2012-11-11Merge branch 'feature/libvirt-host' into old-masterintrigeri
2012-11-11Support exempting some users from torification measures.intrigeri
2012-11-11Allow redirecting DNS requests to Tor for specific users or globally.intrigeri
2012-11-11Import rough libvirt::host class.intrigeri
2012-10-02add ipsec_nat rule port 4500Andreas
2012-06-20Revert "Support exempting some users from torification measures."Micah Anderson
This reverts commit 6cb88973f53aa7d92414797dd21952c1c1d5da98.
2012-06-20Revert "Support exempting some users from torification measures."Micah Anderson
This reverts commit 6cb88973f53aa7d92414797dd21952c1c1d5da98.
2012-06-20Merge remote-tracking branch 'immerda/master' into riseupMicah Anderson
NOTE: the conflicts in the files/shorewall.conf.Debian.squeeze I resolved by favoring the actual debian squeeze shorewall.conf, there were a few options in the immerda one that were not the same. Conflicts: README files/shorewall.conf.Debian.squeeze manifests/base.pp manifests/blacklist.pp manifests/debian.pp manifests/host.pp manifests/init.pp manifests/interface.pp manifests/masq.pp manifests/nat.pp manifests/params.pp manifests/policy.pp manifests/proxyarp.pp manifests/rfc1918.pp manifests/routestopped.pp manifests/rule.pp manifests/rule_section.pp manifests/rules/out/ekeyd.pp manifests/zone.pp
2012-06-20Support exempting some users from torification measures.intrigeri
2012-06-18the rest will be included already by the clientmh
2012-06-13migrate away from hiera stuffmh
2012-06-08refactor things for >2.7mh
2012-06-06fix for new style for 2.7mh
2011-11-05allow ssh_in source to be selected by hiera, better naming for the same ↵mh
option for munin
2011-11-05configure munin things via hiera, allow interface to be chosenmh
2011-08-04differentiate between general jabberserver and openfireMarcel Haerry
2011-08-04new class shorewall::rules::dns::disableAndreas Zuber
2011-08-04added rule for tomcatJuerg Gerber
2011-08-04added filetransfer proxy port to jabberserver rulesetJuerg Gerber
2011-08-04fix typoSimon Josi
2011-08-04add output rule for xmppSimon Josi
2011-06-21allow esp traffic from and to memh