Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

start declaring the 'global' chain with module resources #73

Merged
merged 2 commits into from
Feb 14, 2021
Merged

start declaring the 'global' chain with module resources #73

merged 2 commits into from
Feb 14, 2021

Conversation

lelutin
Copy link
Contributor

@lelutin lelutin commented Feb 11, 2021

the 'global' chain is a vestigial piece of early development on this
module, but it can be useful for creating fast short-circuits like
blocking traffic that match a certain set of IPs.

in the current state we can't inject rules inside the 'global' chain
since it's unknown to puppet. so let's remove the hard-coded definition
and use a puppet resource to declare it.

@lelutin
start declaring the 'global' chain with module resources
1a4f336 
the 'global' chain is a vestigial piece of early development on this
module, but it can be useful for creating fast short-circuits like
blocking traffic that match a certain set of IPs.

in the current state we can't inject rules inside the 'global' chain
since it's unknown to puppet. so let's remove the hard-coded definition
and use a puppet resource to declare it.
@nbarrientos
Copy link
Collaborator

nbarrientos commented Feb 12, 2021
edited
Loading

Sound good. Could perhaps some extra test coverage be added to spec/classes/inet_filter_spec.rb at the same time to make sure that the chain is created and to cover regressions?

@nbarrientos nbarrientos added the enhancement New feature or request label Feb 12, 2021
@duritong
Copy link
Collaborator

yeah, let's add a spec and merge.

@lelutin
Copy link
Contributor Author

lelutin commented Feb 14, 2021

@nbarrientos ah yes good point, I forgot to add tests. I've just sent the added tests, let's see how CI likes them (at least locally they were failing on the master branch and successful on top of this branch)

nbarrientos
nbarrientos approved these changes Feb 14, 2021
View reviewed changes
Copy link
Collaborator

@nbarrientos nbarrientos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@duritong duritong merged commit 942569e into voxpupuli:master Feb 14, 2021
@duritong
Copy link
Collaborator

thank you!

figless pushed a commit to figless/puppet-nftables that referenced this pull request Aug 25, 2021
@nbarrientos
Squashed 'code/' changes from bd0d799..05c7f19
d756019 
05c7f19 Release 1.2.0 (voxpupuli#76)
92e0fcb fix voxpupuli#74 - ensure table are initialized before flushing them (voxpupuli#75)
942569e Merge pull request voxpupuli#73 from Koumbit/global_chain_not_hardcoded
cf38fe4 create tests for presence of the "global" chain
1a4f336 start declaring the 'global' chain with module resources
ca0e975 Bump version to 1.1.2-rc0 (voxpupuli#72)

git-subtree-dir: code
git-subtree-split: 05c7f19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nbarrientos nbarrientos nbarrientos approved these changes

@duritong duritong duritong approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@lelutin @nbarrientos @duritong