8c99073890
This patch adds support for ip6tables rules in TripleO, in a intuitive and flexible fashion. 1) Default firewal rules 'source' parameter to undef. It was 0.0.0.0/0 before but now undef, so we don't need complex logic to support ipv6 rules. undef will create empty source, which is the same as 0.0.0.0/0 or ::/0. 2) Automatically convert icmp rules to ipv6-icmp for ipv6 rules. 3) Automatically create IPv6 rules like it's for IPv4. 4) Only create rules that can be created, depending on source/destination ip version. This patch should be backward compatible and adds a layer of security for IPv6 deployments. If previous deployments were manually creating Ipv6 rules, it's possible that this patch will override them. Our framework is able to configure any rule, so it shouldn't be a problem for upgrades. Co-Authored-By: Ben Nemec <bnemec@redhat.com> Closes-Bug: #1654050 Change-Id: I98a00a9ae265d3e5854632e749cc8c3a1647298c |
||
|---|---|---|
| lib | ||
| manifests | ||
| releasenotes | ||
| spec | ||
| templates | ||
| .gitignore | ||
| .gitreview | ||
| .sync.yml | ||
| Gemfile | ||
| LICENSE | ||
| Puppetfile_extras | ||
| README.md | ||
| Rakefile | ||
| metadata.json | ||
| setup.cfg | ||
| setup.py | ||
| test-requirements.txt | ||
| tox.ini | ||
README.md
Team and repository tags
puppet-tripleo
Lightweight composition layer for Puppet TripleO.