From: Ken Barber Date: Sun, 24 Feb 2013 14:49:43 +0000 (+0000) Subject: New changelog X-Git-Tag: 0.1.0^2 X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=fc2fd87e772ee9f12b6eb36443c1ff07725c3982;p=puppet-modules%2Fpuppetlabs-firewall.git New changelog Signed-off-by: Ken Barber --- diff --git a/Changelog b/Changelog new file mode 100644 index 0000000..e142ddb --- /dev/null +++ b/Changelog @@ -0,0 +1,186 @@ +## puppetlabs-firewall changelog + +Release notes for puppetlabs-firewall module. + +--------------------------------------- + +#### 0.1.0 - 2012/2/24 + +This release is somewhat belated, so no summary as there are far too many changes this time around. Hopefully we won't fall this far behind again :-). + +##### Changes + +* Add support for MARK target and set-mark property (Johan Huysmans) +* Fix broken call to super for ruby-1.9.2 in munge (Ken Barber) +* simple fix of the error message for allowed values of the jump property (Daniel Black) +* Adding OSPF(v3) protocol to puppetlabs-firewall (Arnoud Vermeer) +* Display multi-value: port, sport, dport and state command seperated (Daniel Black) +* Require jump=>LOG for log params (Daniel Black) +* Reject and document icmp => "any" (Dan Carley) +* add firewallchain type and iptables_chain provider (Daniel Black) +* Various fixes for firewallchain resource (Ken Barber) +* Modify firewallchain name to be chain:table:protocol (Ken Barber) +* Fix allvalidchain iteration (Ken Barber) +* Firewall autorequire Firewallchains (Dan Carley) +* Tests and docstring for chain autorequire (Dan Carley) +* Fix README so setup instructions actually work (Ken Barber) +* Support vlan interfaces (interface containing ".") (Johan Huysmans) +* Add tests for VLAN support for iniface/outiface (Ken Barber) +* Add the table when deleting rules (Johan Huysmans) +* Fix tests since we are now prefixing -t) +* Changed 'jump' to 'action', commands to lower case (Jason Short) +* Support interface names containing "+" (Simon Deziel) +* Fix for when iptables-save spews out "FATAL" errors (Sharif Nassar) +* Fix for incorrect limit command arguments for ip6tables provider (Michael Hsu) +* Document Util::Firewall.host_to_ip (Dan Carley) +* Nullify addresses with zero prefixlen (Dan Carley) +* Add support for --tcp-flags (Thomas Vander Stichele) +* Make tcp_flags support a feature (Ken Barber) +* OUTPUT is a valid chain for the mangle table (Adam Gibbins) +* Enable travis-ci support (Ken Barber) +* Convert an existing test to CIDR (Dan Carley) +* Normalise iptables-save to CIDR (Dan Carley) +* be clearer about what distributions we support (Ken Barber) +* add gre protocol to list of acceptable protocols (Jason Hancock) +* Added pkttype property (Ashley Penney) +* Fix mark to not repeat rules with iptables 1.4.1+ (Sharif Nassar) +* Stub iptables_version for now so tests run on non-Linux hosts (Ken Barber) +* Stub iptables facts for set_mark tests (Dan Carley) +* Update formatting of README to meet Puppet Labs best practices (Will Hopper) +* Support for ICMP6 type code resolutions (Dan Carley) +* Insert order hash included chains from different tables (Ken Barber) +* rspec 2.11 compatibility (Jonathan Boyett) +* Add missing class declaration in README (sfozz) +* array_matching is contraindicated (Sharif Nassar) +* Convert port Fixnum into strings (Sharif Nassar) +* Update test framework to the modern age (Ken Barber) +* working with ip6tables support (wuwx) +* Remove gemfile.lock and add to gitignore (William Van Hevelingen) +* Update travis and gemfile to be like stdlib travis files (William Van Hevelingen) +* Add support for -m socket option (Ken Barber) +* Add support for single --sport and --dport parsing (Ken Barber) +* Fix tests for Ruby 1.9.3 from 3e13bf3 (Dan Carley) +* Mock Resolv.getaddress in #host_to_ip (Dan Carley) +* Update docs for source and dest - they are not arrays (Ken Barber) + +--------------------------------------- + +#### 0.0.4 - 2011/12/05 + +This release adds two new parameters, 'uid' and 'gid'. As a part of the owner module, these params allow you to specify a uid, username, gid, or group got a match: + + firewall { '497 match uid': + port => '123', + proto => 'mangle', + chain => 'OUTPUT', + action => 'drop' + uid => '123' + } + +This release also adds value munging for the 'log_level', 'source', and 'destination' parameters. The 'source' and 'destination' now support hostnames: + + firewall { '498 accept from puppetlabs.com': + port => '123', + proto => 'tcp', + source => 'puppetlabs.com', + action => 'accept' + } + + +The 'log_level' parameter now supports using log level names, such as 'warn', 'debug', and 'panic': + + firewall { '499 logging': + port => '123', + proto => 'udp', + log_level => 'debug', + action => 'drop' + } + +Additional changes include iptables and ip6tables version facts, general whitespace cleanup, and adding additional unit tests. + +##### Changes + +* (#10957) add iptables_version and ip6tables_version facts +* (#11093) Improve log_level property so it converts names to numbers +* (#10723) Munge hostnames and IPs to IPs with CIDR +* (#10718) Add owner-match support +* (#10997) Add fixtures for ipencap +* (#11034) Whitespace cleanup +* (#10690) add port property support to ip6tables + +--------------------------------------- + +#### 0.0.3 - 2011/11/12 + +This release introduces a new parameter 'port' which allows you to set both +source and destination ports for a match: + + firewall { "500 allow NTP requests": + port => "123", + proto => "udp", + action => "accept", + } + +We also have the limit parameter finally working: + + firewall { "500 limit HTTP requests": + dport => 80, + proto => tcp, + limit => "60/sec", + burst => 30, + action => accept, + } + +State ordering has been fixed now, and more characters are allowed in the +namevar: + +* Alphabetical +* Numbers +* Punctuation +* Whitespace + +##### Changes + +* (#10693) Ensure -m limit is added for iptables when using 'limit' param +* (#10690) Create new port property +* (#10700) allow additional characters in comment string +* (#9082) Sort iptables --state option values internally to keep it consistent across runs +* (#10324) Remove extraneous whitespace from iptables rule line in spec tests + +--------------------------------------- + +#### 0.0.2 - 2011/10/26 + +This is largely a maintanence and cleanup release, but includes the ability to +specify ranges of ports in the sport/dport parameter: + + firewall { "500 allow port range": + dport => ["3000-3030","5000-5050"], + sport => ["1024-65535"], + action => "accept", + } + +##### Changes + +* (#10295) Work around bug #4248 whereby the puppet/util paths are not being loaded correctly on the puppetmaster +* (#10002) Change to dport and sport to handle ranges, and fix handling of name to name to port +* (#10263) Fix tests on Puppet 2.6.x +* (#10163) Cleanup some of the inline documentation and README file to align with general forge usage + +--------------------------------------- + +#### 0.0.1 - 2011/10/18 + +Initial release. + +##### Changes + +* (#9362) Create action property and perform transformation for accept, drop, reject value for iptables jump parameter +* (#10088) Provide a customised version of CONTRIBUTING.md +* (#10026) Re-arrange provider and type spec files to align with Puppet +* (#10026) Add aliases for test,specs,tests to Rakefile and provide -T as default +* (#9439) fix parsing and deleting existing rules +* (#9583) Fix provider detection for gentoo and unsupported linuxes for the iptables provider +* (#9576) Stub provider so it works properly outside of Linux +* (#9576) Align spec framework with Puppet core +* and lots of other earlier development tasks ...