review.fuel-infra Code Review - puppet-modules/puppetlabs-firewall.git/commit
Support conntrack stateful firewall matching
author Colin Shea <colin@evaryont.me>
Wed, 16 Oct 2013 01:37:26 +0000 (18:37 -0700)
committer Colin Shea <colin@evaryont.me>
Wed, 16 Oct 2013 01:42:04 +0000 (18:42 -0700)
commit 13457a4ade45f4a46d64ceb4da9d2b9582c39fcd
tree 4d81aefc193bc844a3e1b2de1ed33bb1aeda864b
parent db9dfbb851aa3b5a7af8edc68c7492ddbb2c9683
Support conntrack stateful firewall matching

Since Linux 3.7+ the "state" module has been removed from the kernel, leaving
only the "conntrack" module. This patch adds support for the conntrack module in
iptables by adding a new parameter to the firewall type, 'ctstate'.

Updates the README to demonstrate using the ctstate parameter instead of state
to nudge people to use it instead. This is safe as far as back to Linux kernel
2.6.18, so long as CONFIG_NF_CONNTRACK is enabled.

README.markdown
lib/puppet/provider/firewall/ip6tables.rb
lib/puppet/provider/firewall/iptables.rb
lib/puppet/type/firewall.rb
spec/fixtures/iptables/conversion_hash.rb
spec/system/params_spec.rb
spec/system/standard_usage_spec.rb
spec/unit/puppet/type/firewall_spec.rb