From: Ken Barber Date: Mon, 4 Mar 2013 05:06:13 +0000 (-0800) Subject: Release 0.2.0 X-Git-Tag: 0.2.0~1^2 X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=97a63a881b05dc64be45b12bb1f8358af38654da;p=puppet-modules%2Fpuppetlabs-firewall.git Release 0.2.0 Signed-off-by: Ken Barber --- diff --git a/Changelog b/Changelog index d1d7386..30ee83c 100644 --- a/Changelog +++ b/Changelog 
@@ -4,6 +4,53 @@ Release notes for puppetlabs-firewall module. --------------------------------------- +#### 0.2.0 - 2012/3/3 + +This release introduces automatic persistence, removing the need for the previous manual dependency requirement for persistent the running rules to the OS persistence file. + +Previously you would have required the following in your site.pp (or some other global location): + + # Always persist firewall rules + exec { 'persist-firewall': + command => $operatingsystem ? { + 'debian' => '/sbin/iptables-save > /etc/iptables/rules.v4', + /(RedHat|CentOS)/ => '/sbin/iptables-save > /etc/sysconfig/iptables', + }, + refreshonly => true, + } + Firewall { + notify => Exec['persist-firewall'], + before => Class['my_fw::post'], + require => Class['my_fw::pre'], + } + Firewallchain { + notify => Exec['persist-firewall'], + } + resources { "firewall": + purge => true + } + +You only need: + + class { 'firewall': } + Firewall { + before => Class['my_fw::post'], + require => Class['my_fw::pre'], + } + +To install pre-requisites and to create dependencies on your pre & post rules. Consult the README for more information. + +##### Changes + +* Firewall class manifests (Dan Carley) +* Firewall and firewallchain persistence (Dan Carley) +* (GH-134) Autorequire iptables related packages (Dan Carley) +* Typo in #persist_iptables OS normalisation (Dan Carley) +* Tests for #persist_iptables (Dan Carley) +* (GH-129) Replace errant return in autoreq block (Dan Carley) + +--------------------------------------- + #### 0.1.1 - 2012/2/28 This release primarily fixes changing parameters in 3.x diff --git a/Modulefile b/Modulefile index 350e2e7..53306bb 100644 --- a/Modulefile +++ b/Modulefile @@ -1,5 +1,5 @@ name 'puppetlabs-firewall' -version '0.1.1' +version '0.2.0' source 'git://github.com/puppetlabs/puppetlabs-firewall.git' author 'puppetlabs' license 'ASL 2.0' diff --git a/README.markdown b/README.markdown index 421afd7..9aa9b07 100644 --- a/README.markdown 
+++ b/README.markdown @@ -45,8 +45,8 @@ accessing a development version or early release of the code. ### Installation -Using the puppet-module gem, you can install it into your Puppet's -module path. If you are not sure where your module path is try +Using the puppet-module gem, you can install it into your Puppet's +module path. If you are not sure where your module path is try this command: puppet --configprint modulepath @@ -83,7 +83,7 @@ currently supported operating systems: include firewall -At the moment you need to provide some setup outside of what we provide in the +At the moment you need to provide some setup outside of what we provide in the module to support proper ordering and purging. Persistence of rules between reboots is handled automatically for the @@ -100,7 +100,7 @@ It is recommended that you provide the following in top scope somewhere resources { "firewall": purge => true } - + # These defaults ensure that the pre & post classes are run in the right # order to avoid potentially locking you out of your box during the # first puppet run. @@ -109,8 +109,8 @@ It is recommended that you provide the following in top scope somewhere require => Class['my_fw::pre'], } -You also need to declare the 'my_fw::pre' & 'my_fw::post' classes so that -dependencies are satisfied. This can be achieved using an External Node +You also need to declare the 'my_fw::pre' & 'my_fw::post' classes so that +dependencies are satisfied. This can be achieved using an External Node Classifier or the following:: class { 'my_fw::pre': } @@ -133,7 +133,7 @@ An example of the pre class would be: Firewall { require => undef, } - + # Default firewall rules firewall { '000 accept all icmp': proto => 'icmp', 
@@ -258,7 +258,7 @@ But plans are to support lots of other firewall implementations: * OpenBSD (pf) * Cisco (ASA and basic access lists) -If you have knowledge in these technology, know how to code and wish to contribute +If you have knowledge in these technology, know how to code and wish to contribute to this project we would welcome the help. ### Testing
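Review bot: In the Changelog hunk, the "You only need:" example drops the `resources { "firewall": purge => true }` block that the "Previously" example contains, which reads as if purging is now handled by `class { 'firewall': }`. The README context lines in this same patch still recommend declaring that purge resource in top scope, and the release text only claims automatic persistence. A reader who copies the shorter snippet would stop purging unmanaged rules. Suggest keeping the purge resource in the new example, or stating explicitly that only the `persist-firewall` exec and the two `notify` lines can be removed. Two smaller points in the same hunk: the entry header says `0.2.0 - 2012/3/3` while the commit is dated 4 Mar 2013, so the year looks wrong (the 0.1.1 entry in the context has the same 2012 year), and "for persistent the running rules" should read "for persisting the running rules".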
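Review bot: In the README.markdown hunks, every removed and added pair has the same visible text (for example the "Using the puppet-module gem" and "At the moment you need to provide some setup" lines), so these look like whitespace-only changes mixed into a release commit. Suggest moving them to a separate cleanup commit so the release diff shows only the Changelog and Modulefile changes. If the lines are touched anyway, the last hunk is a chance to fix "If you have knowledge in these technology" to "these technologies". Note also that the Changelog entry tells users to consult the README, yet no README wording changes here, so it is worth confirming that the README already describes `class { 'firewall': }` and the reduced `Firewall` defaults.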