ansible.nftables/CHANGELOG.md

116 lines
3.0 KiB
Markdown
Raw Normal View History

2021-01-04 16:53:16 +01:00
## v1.7.0
### Features
* Allow to merge group variables with **nft_merged_groups** (#11 #12).
### Enhancements
* Debug var with **nft_debug** (useful to set up merging group variables).
* Extra example to override default variables.
### Fix
* Add missing ICMPv6 rule.
2020-04-21 09:57:55 +02:00
## v1.6.0
### Features
* Able to manage a new NAT table (with prerouting and postrouting chains).
2020-04-21 08:31:51 +02:00
* Block ipv6 multicast by default.
### Enhancements
* Clean tasks name and comments in tasks/main.yml file.
* Order and clean comments in defaults/main.yml file.
* Reload rules instead of restart to avoid to loose rulebase due to invalid syntax (#3 Github).
### Fix
* Fix deprecation warning with ansible 2.7: Invoking "apt" only once while
using a loop via squash_actions is deprecated.
* Turn nft_old_pkg_list into a list.
* Add libiptc0 (iptables dependency) to the list of old package to remove.
* The 10 minutes delay at first run (#1)!
## v1.5.0
### Enhancements
* Add a variable to disable "Protect" instructions in systemd unit.
* Improve vars description/comments in default/main.yml.
* Add a variable to manage custom content (table, include,…).
## v1.4.1
### Fix
* Set empty dependencies line to fix Galaxy warning.
* Add possibility to restart Fail2ban service.
* Use to_nice_json to manage packages list.
* Fix E405 Remote package tasks should have a retry.
## v1.4.0
### Enhancements
* Set a variable to enable/disable the support of Nftables.
* Move two tasks in systemd handler (try to fix #1).
* Add a additionnal level for all vars for all hosts (group_vars/all).
2017-08-09 11:41:09 +02:00
### Fix
* Deprecation warning for state "installed".
* The role now might require Ansible 2.5 (available in Debian Stable backports).
## v1.3.1
### Fix
* Reload systemd daemons only if unit file change.
## v1.3.0
2018-02-06 16:58:18 +01:00
### Features
* Provide the systemd unit.
## v1.2.3
* Rename firewall table to filter table (most use on Debian).
## v1.2.2
### Fix
* Set's name can't exceed 15 characters!
2017-08-25 17:05:42 +02:00
## v1.2.1
### Features
* Allow icmpv6 outgoing traffic.
## v1.2.0
### Features
* Ensure to remove old packages (iptables,…).
### Fixes
* Ensure to create the the directory to store the differents configuration files (/etc/nftables.d).
## v1.1.0
2017-08-09 14:27:07 +02:00
### Features
* Manage nftables service at startup.
* Rollback to inet family to manage both ipv4 and ipv6.
* To allow multiple ports/range ports, it's possible to redifine vars or add a rule in a dict.
2017-08-09 14:27:07 +02:00
### Default Rules
* Use more sets and vars definitions for input/output to avoid multiple rules.
2017-08-09 16:04:54 +02:00
* Allow outgoing icmp.
* Remove DHCP incoming packets. The connection is started by the host, don't need incoming rule.
2017-08-11 13:46:50 +02:00
* Allow outgoing OpenPGP HTTP requests.
## v1.0.0
2017-08-09 11:41:09 +02:00
### Features
* Install `nftables` package for Debian based distros.
* Generate `nftables` main configuration file.
* Manage global, input and output chains with three dicts.
* Manage vars, sets and maps definition file.
* Restart `nftables` service.
### Default Rules
* Drop blackhole set input packets.
* Allow localhost traffic.
* Allow DHCP traffic.
* Allow SSH input (otherwise Ansible won't work).
* Allow DNS request.