f6d398a7da
This patch adds support for ip6tables rules in TripleO, in a intuitive
and flexible fashion.
1) Default firewal rules 'source' parameter to undef.
It was 0.0.0.0/0 before but now undef, so we don't need complex logic to
support ipv6 rules. undef will create empty source, which is the same as
0.0.0.0/0 or ::/0.
2) Automatically convert icmp rules to ipv6-icmp for ipv6 rules.
3) Automatically create IPv6 rules like it's for IPv4.
4) Only create rules that can be created, depending on
source/destination ip version.
This patch should be backward compatible and adds a layer of security
for IPv6 deployments. If previous deployments were manually creating
Ipv6 rules, it's possible that this patch will override them. Our
framework is able to configure any rule, so it shouldn't be a problem
for upgrades.
Note: the code had to be partially rewritten because of Puppet3 vs
Puppet4.
Co-Authored-By: Ben Nemec <bnemec@redhat.com>
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
Closes-Bug: #1654050
Change-Id: I98a00a9ae265d3e5854632e749cc8c3a1647298c
(cherry picked from commit
|
||
|---|---|---|
| lib | ||
| manifests | ||
| releasenotes/notes | ||
| spec | ||
| templates | ||
| zuul.d | ||
| .gitignore | ||
| .gitreview | ||
| .sync.yml | ||
| Gemfile | ||
| LICENSE | ||
| Puppetfile_extras | ||
| README.md | ||
| Rakefile | ||
| bindep.txt | ||
| metadata.json | ||
README.md
puppet-tripleo
Lightweight composition layer for Puppet TripleO.