From 9cd6b1e859c67d364bbb52931b2d2d998696f0a0 Mon Sep 17 00:00:00 2001 From: tphoney Date: Thu, 20 Aug 2015 11:08:08 +0100 Subject: [PATCH] release prep --- CHANGELOG.md | 8 ++++++++ README.markdown | 2 +- metadata.json | 2 +- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a045a3a..7de1bb1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,11 @@ +##2015-08-25 - Supported Release 1.7.1 +###Summary + +This is a bugfix release to deprecate the port parameter. Using the unspecific 'port' parameter can lead to firewall rules that are unexpectedly too lax. It is recommended to always use the specific dport and sport parameters to avoid this ambiguity. + +####Bugfixes +- Deprecate the port parameter + ##2015-07-28 - Supported Release 1.7.0 ###Summary diff --git a/README.markdown b/README.markdown index f2b46a0..0a0807f 100644 --- a/README.markdown +++ b/README.markdown @@ -621,7 +621,7 @@ firewall { '999 this runs last': * `pkttype`: Sets the packet type to match. Valid values are: 'unicast', 'broadcast', and'multicast'. Requires the `pkttype` feature. -* `port`: *DEPRECATED* The destination or source port to match for this filter (if the protocol supports ports). Will accept a single element or an array. For some firewall providers you can pass a range of ports in the format: 'start number-end number'. For example, '1-1024' would cover ports 1 to 1024. +* `port`: *DEPRECATED* Using the unspecific 'port' parameter can lead to firewall rules that are unexpectedly too lax. It is recommended to always use the specific dport and sport parameters to avoid this ambiguity. The destination or source port to match for this filter (if the protocol supports ports). Will accept a single element or an array. For some firewall providers you can pass a range of ports in the format: 'start number-end number'. For example, '1-1024' would cover ports 1 to 1024. * `proto`: The specific protocol to match for this rule. This is 'tcp' by default. Valid values are: * 'tcp' diff --git a/metadata.json b/metadata.json index 9762723..e1ac5e0 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-firewall", - "version": "1.7.0", + "version": "1.7.1", "author": "Puppet Labs", "summary": "Manages Firewalls such as iptables", "license": "Apache-2.0", -- 2.45.2