From 46e9ffd4aa542bb569cde244ed21bcfcac517715 Mon Sep 17 00:00:00 2001 From: Auto-release Date: Wed, 13 May 2020 10:10:47 +0000 Subject: [PATCH] Release version 2.4.0 --- CHANGELOG.md | 14 ++++++++++++++ REFERENCE.md | 33 +++++++++++++++++++++++++++++++-- metadata.json | 2 +- 3 files changed, 46 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f7a3c6d..92a8097 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,20 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). +## [v2.4.0](https://github.com/puppetlabs/puppetlabs-firewall/tree/v2.4.0) (2020-05-13) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-firewall/compare/v2.3.0...v2.4.0) + +### Added + +- Add support for u32 module in iptables [\#917](https://github.com/puppetlabs/puppetlabs-firewall/pull/917) ([sanfrancrisko](https://github.com/sanfrancrisko)) +- Add support for cgroup arg [\#916](https://github.com/puppetlabs/puppetlabs-firewall/pull/916) ([akerl-unpriv](https://github.com/akerl-unpriv)) +- Extend LOG options [\#914](https://github.com/puppetlabs/puppetlabs-firewall/pull/914) ([martialblog](https://github.com/martialblog)) + +### Fixed + +- \(MODULES-8543\) Remove nftables' backend warning from iptables\_save outtput [\#911](https://github.com/puppetlabs/puppetlabs-firewall/pull/911) ([NITEMAN](https://github.com/NITEMAN)) + ## [v2.3.0](https://github.com/puppetlabs/puppetlabs-firewall/tree/v2.3.0) (2020-03-26) [Full Changelog](https://github.com/puppetlabs/puppetlabs-firewall/compare/v2.2.0...v2.3.0) diff --git a/REFERENCE.md b/REFERENCE.md index b5fd806..4b57a52 100644 --- a/REFERENCE.md +++ b/REFERENCE.md 
@@ -125,7 +125,8 @@ installed. * Required binaries: ip6tables-save, ip6tables. * Supported features: address_type, connection_limiting, conntrack, dnat, hop_limiting, icmp_match, interface_match, iprange, ipsec_dir, ipsec_policy, ipset, iptables, isfirstfrag, - ishasmorefrags, islastfrag, length, log_level, log_prefix, log_uid, mark, mask, mss, + ishasmorefrags, islastfrag, length, log_level, log_prefix, log_uid, + log_tcp_sequence, log_tcp_options, log_ip_options, mask, mss, owner, pkttype, queue_bypass, queue_num, rate_limiting, recent_limiting, reject_type, snat, socket, state_match, string_matching, tcp_flags, hashlimit, bpf. @@ -135,7 +136,8 @@ installed. * Default for kernel == linux. * Supported features: address_type, clusterip, connection_limiting, conntrack, dnat, icmp_match, interface_match, iprange, ipsec_dir, ipsec_policy, ipset, iptables, isfragment, length, - log_level, log_prefix, log_uid, mark, mask, mss, netmap, nflog_group, nflog_prefix, + log_level, log_prefix, log_uid, log_tcp_sequence, log_tcp_options, log_ip_options, + mark, mask, mss, netmap, nflog_group, nflog_prefix, nflog_range, nflog_threshold, owner, pkttype, queue_bypass, queue_num, rate_limiting, recent_limiting, reject_type, snat, socket, state_match, string_matching, tcp_flags, bpf. @@ -180,6 +182,12 @@ installed. * log_uid: The ability to log the userid of the process which generated the packet. + * log_tcp_sequence: The ability to log TCP sequence numbers. + + * log_tcp_options: The ability to log TCP packet header. + + * log_ip_options: The ability to log IP/IPv6 packet header. + * mark: The ability to match or set the netfilter mark value associated with the packet. * mask: The ability to match recent rules based on the ipv4 mask. 
@@ -593,6 +601,27 @@ Valid values: `true`, `false` When combined with jump => "LOG" specifies the uid of the process making the connection. +##### `log_tcp_sequence` + +Valid values: `true`, `false` + +When combined with jump => "LOG" enables logging of the TCP sequence +numbers. + +##### `log_tcp_options` + +Valid values: `true`, `false` + +When combined with jump => "LOG" logging of the TCP packet +header. + +##### `log_ip_options` + +Valid values: `true`, `false` + +When combined with jump => "LOG" logging of the TCP IP/IPv6 +packet header. + ##### `nflog_group` Used with the jump target NFLOG. diff --git a/metadata.json b/metadata.json index ad78d24..0976c2a 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-firewall", - "version": "2.3.0", + "version": "2.4.0", "author": "puppetlabs", "summary": "Manages Firewalls such as iptables", "license": "Apache-2.0", -- 2.45.2
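Review bot: The `### Fixed` entry for \#911 in the CHANGELOG.md hunk misspells "output" as "outtput" (`from iptables\_save outtput`). Since the release commit is generated, correct the title at its source so the typo does not come back on the next regeneration.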
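Review bot: The ip6tables "Supported features" list in REFERENCE.md (hunk `@@ -125,7 +125,8 @@`) loses `mark`. The removed line read `log_level, log_prefix, log_uid, mark, mask, mss,` while the added lines go from `log_ip_options,` straight to `mask, mss,`. The iptables list in the following hunk keeps `mark`, and the feature description `* mark:` is still present further down, so this looks like an accidental deletion while rewrapping the list. Restore `mark` after `log_ip_options,`, or, if the ip6tables provider really dropped the feature, record that in the changelog.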
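Review bot: The feature descriptions added in REFERENCE.md hunk `@@ -180,6 +182,12 @@` do not match the feature names: `log_tcp_options` is described as "The ability to log TCP packet header." and `log_ip_options` as "The ability to log IP/IPv6 packet header.", which reads as if the whole header were logged. Suggest wording that follows the names, for example "The ability to log options from the TCP packet header." and "The ability to log options from the IP/IPv6 packet header.", so a reader deciding what ends up in the logs is not misled.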
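Review bot: Two of the three parameter descriptions added in REFERENCE.md hunk `@@ -593,6 +601,27 @@` are not complete sentences, and one names the wrong protocol. Under `log_tcp_options`, `When combined with jump => "LOG" logging of the TCP packet header.` is missing the verb that the `log_tcp_sequence` text has ("enables logging of"). Under `log_ip_options`, `logging of the TCP IP/IPv6 packet header.` has the same missing verb plus a stray "TCP" in front of "IP/IPv6". Suggest aligning all three on the `log_tcp_sequence` phrasing and dropping the stray word. As REFERENCE.md is normally generated from the type's doc strings, the fix belongs there.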