---------------------------------------
+#### 0.2.0 - 2012/3/3
+
+This release introduces automatic persistence, removing the need for the previous manual dependency requirement for persistent the running rules to the OS persistence file.
+
+Previously you would have required the following in your site.pp (or some other global location):
+
+ # Always persist firewall rules
+ exec { 'persist-firewall':
+ command => $operatingsystem ? {
+ 'debian' => '/sbin/iptables-save > /etc/iptables/rules.v4',
+ /(RedHat|CentOS)/ => '/sbin/iptables-save > /etc/sysconfig/iptables',
+ },
+ refreshonly => true,
+ }
+ Firewall {
+ notify => Exec['persist-firewall'],
+ before => Class['my_fw::post'],
+ require => Class['my_fw::pre'],
+ }
+ Firewallchain {
+ notify => Exec['persist-firewall'],
+ }
+ resources { "firewall":
+ purge => true
+ }
+
+You only need:
+
+ class { 'firewall': }
+ Firewall {
+ before => Class['my_fw::post'],
+ require => Class['my_fw::pre'],
+ }
+
+To install pre-requisites and to create dependencies on your pre & post rules. Consult the README for more information.
+
+##### Changes
+
+* Firewall class manifests (Dan Carley)
+* Firewall and firewallchain persistence (Dan Carley)
+* (GH-134) Autorequire iptables related packages (Dan Carley)
+* Typo in #persist_iptables OS normalisation (Dan Carley)
+* Tests for #persist_iptables (Dan Carley)
+* (GH-129) Replace errant return in autoreq block (Dan Carley)
+
+---------------------------------------
+
#### 0.1.1 - 2012/2/28
This release primarily fixes changing parameters in 3.x
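Review bot: The "You only need:" example in the 0.2.0 entry drops the `resources { "firewall": purge => true }` block that the "Previously" example carries, without saying whether purging of unmanaged rules is now implied by `class { 'firewall': }` or still has to be declared. The README text in this same change still shows the `resources` block and still mentions "ordering and purging" as setup the user provides, so a reader migrating from the old snippet could remove purging by accident and leave unmanaged rules in place. Either keep the `resources` block in the new example or add a sentence saying it is unaffected by this release. It would also help to say whether an existing `exec { 'persist-firewall': }` and the `notify => Exec['persist-firewall']` defaults must be removed on upgrade. Two wording points: "for persistent the running rules" should read "for persisting the running rules", and "To install pre-requisites and to create dependencies on your pre & post rules." is a fragment that belongs joined to "You only need:".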
### Installation
-Using the puppet-module gem, you can install it into your Puppet's
-module path. If you are not sure where your module path is try
+Using the puppet-module gem, you can install it into your Puppet's
+module path. If you are not sure where your module path is try
this command:
puppet --configprint modulepath
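Review bot: The removed and added lines for "Using the puppet-module gem, you can install it into your Puppet's" and "module path. If you are not sure where your module path is try" are identical in visible text, so this hunk is a whitespace-only change, and the same holds for the later README pairs in this commit. Mixed into the commit that introduces persistence, they add noise to blame and to review of the functional change. Consider moving the whitespace cleanup to its own commit.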
include firewall
-At the moment you need to provide some setup outside of what we provide in the
+At the moment you need to provide some setup outside of what we provide in the
module to support proper ordering and purging.
Persistence of rules between reboots is handled automatically for the
resources { "firewall":
purge => true
}
-
+
# These defaults ensure that the pre & post classes are run in the right
# order to avoid potentially locking you out of your box during the
# first puppet run.
require => Class['my_fw::pre'],
}
-You also need to declare the 'my_fw::pre' & 'my_fw::post' classes so that
-dependencies are satisfied. This can be achieved using an External Node
+You also need to declare the 'my_fw::pre' & 'my_fw::post' classes so that
+dependencies are satisfied. This can be achieved using an External Node
Classifier or the following::
class { 'my_fw::pre': }
Firewall {
require => undef,
}
-
+
# Default firewall rules
firewall { '000 accept all icmp':
proto => 'icmp',
* OpenBSD (pf)
* Cisco (ASA and basic access lists)
-If you have knowledge in these technology, know how to code and wish to contribute
+If you have knowledge in these technology, know how to code and wish to contribute
to this project we would welcome the help.
### Testing
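Review bot: The line "If you have knowledge in these technology, know how to code and wish to contribute" is rewritten here with no visible text change and keeps its grammatical error. Since the line is being touched anyway, change "these technology" to "these technologies".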