]> review.fuel-infra Code Review - puppet-modules/puppetlabs-firewall.git/commitdiff
Code Review / puppet-modules / puppetlabs-firewall.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 4e86214)
Release version 2.4.0 v2.4.0
authorAuto-release <team-modules@puppet.com>
Wed, 13 May 2020 10:10:47 +0000 (10:10 +0000)
committerAuto-release <team-modules@puppet.com>
Wed, 13 May 2020 10:10:47 +0000 (10:10 +0000)
CHANGELOG.md patch | blob | history
REFERENCE.md patch | blob | history
metadata.json patch | blob | history

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f7a3c6d538c804f72ed05847a9a40ffd859e77a8..92a8097234bb4b3beb01dab2ef4adf358fbe7ecf 100644 (file)
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,20 @@
 
 All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).
 
+## [v2.4.0](https://github.com/puppetlabs/puppetlabs-firewall/tree/v2.4.0) (2020-05-13)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-firewall/compare/v2.3.0...v2.4.0)
+
+### Added
+
+- Add support for u32 module in iptables [\#917](https://github.com/puppetlabs/puppetlabs-firewall/pull/917) ([sanfrancrisko](https://github.com/sanfrancrisko))
+- Add support for cgroup arg [\#916](https://github.com/puppetlabs/puppetlabs-firewall/pull/916) ([akerl-unpriv](https://github.com/akerl-unpriv))
+- Extend LOG options [\#914](https://github.com/puppetlabs/puppetlabs-firewall/pull/914) ([martialblog](https://github.com/martialblog))
+
+### Fixed
+
+- \(MODULES-8543\) Remove nftables' backend warning from iptables\_save outtput [\#911](https://github.com/puppetlabs/puppetlabs-firewall/pull/911) ([NITEMAN](https://github.com/NITEMAN))
+
 ## [v2.3.0](https://github.com/puppetlabs/puppetlabs-firewall/tree/v2.3.0) (2020-03-26)
 
 [Full Changelog](https://github.com/puppetlabs/puppetlabs-firewall/compare/v2.2.0...v2.3.0)
diff --git a/REFERENCE.md b/REFERENCE.md
index b5fd806d0fcb0a272bb7b91b5eb9f6932ec5d8ae..4b57a52f38c6fd74c2adcc03d574e876ab0aa8d7 100644 (file)
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -125,7 +125,8 @@ installed.
     * Required binaries: ip6tables-save, ip6tables.
     * Supported features: address_type, connection_limiting, conntrack, dnat, hop_limiting, icmp_match,
     interface_match, iprange, ipsec_dir, ipsec_policy, ipset, iptables, isfirstfrag,
-    ishasmorefrags, islastfrag, length, log_level, log_prefix, log_uid, mark, mask, mss,
+    ishasmorefrags, islastfrag, length, log_level, log_prefix, log_uid,
+    log_tcp_sequence, log_tcp_options, log_ip_options, mask, mss,
     owner, pkttype, queue_bypass, queue_num, rate_limiting, recent_limiting, reject_type,
     snat, socket, state_match, string_matching, tcp_flags, hashlimit, bpf.
 
@@ -135,7 +136,8 @@ installed.
     * Default for kernel == linux.
     * Supported features: address_type, clusterip, connection_limiting, conntrack, dnat, icmp_match,
     interface_match, iprange, ipsec_dir, ipsec_policy, ipset, iptables, isfragment, length,
-    log_level, log_prefix, log_uid, mark, mask, mss, netmap, nflog_group, nflog_prefix,
+    log_level, log_prefix, log_uid, log_tcp_sequence, log_tcp_options, log_ip_options,
+    mark, mask, mss, netmap, nflog_group, nflog_prefix,
     nflog_range, nflog_threshold, owner, pkttype, queue_bypass, queue_num, rate_limiting,
     recent_limiting, reject_type, snat, socket, state_match, string_matching, tcp_flags, bpf.
 
@@ -180,6 +182,12 @@ installed.
 
   * log_uid: The ability to log the userid of the process which generated the packet.
 
+  * log_tcp_sequence: The ability to log TCP sequence numbers.
+
+  * log_tcp_options: The ability to log TCP packet header.
+
+  * log_ip_options: The ability to log IP/IPv6 packet header.
+
   * mark: The ability to match or set the netfilter mark value associated with the packet.
 
   * mask: The ability to match recent rules based on the ipv4 mask.
@@ -593,6 +601,27 @@ Valid values: `true`, `false`
 When combined with jump => "LOG" specifies the uid of the process making
 the connection.
 
+##### `log_tcp_sequence`
+
+Valid values: `true`, `false`
+
+When combined with jump => "LOG" enables logging of the TCP sequence
+numbers.
+
+##### `log_tcp_options`
+
+Valid values: `true`, `false`
+
+When combined with jump => "LOG" logging of the TCP packet
+header.
+
+##### `log_ip_options`
+
+Valid values: `true`, `false`
+
+When combined with jump => "LOG" logging of the TCP IP/IPv6
+packet header.
+
 ##### `nflog_group`
 
 Used with the jump target NFLOG.
diff --git a/metadata.json b/metadata.json
index ad78d24e5abd5c7f7a57a945cdc9c6c0da8838cb..0976c2a9ad9b3bbe6ad3e36a2aea8a2fd98701e1 100644 (file)
--- a/metadata.json
+++ b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "puppetlabs-firewall",
-  "version": "2.3.0",
+  "version": "2.4.0",
   "author": "puppetlabs",
   "summary": "Manages Firewalls such as iptables",
   "license": "Apache-2.0",