2017-08-09 11:41:09 +02:00
|
|
|
|
2017-08-16 13:56:50 +02:00
|
|
|
## v1.1
|
2017-08-09 14:27:07 +02:00
|
|
|
|
|
|
|
|
### Features
|
|
|
|
|
* Manage nftables service at startup.
|
2017-08-09 15:01:35 +02:00
|
|
|
* Rollback to inet family to manage both ipv4 and ipv6.
|
2017-08-09 17:14:26 +02:00
|
|
|
* To allow multiple ports/range ports, it's possible to redifine vars or add a rule in a dict.
|
2017-08-09 14:27:07 +02:00
|
|
|
|
2017-08-09 14:56:20 +02:00
|
|
|
### Default Rules
|
2017-08-09 17:14:26 +02:00
|
|
|
* Use more sets and vars definitions for input/output to avoid multiple rules.
|
2017-08-09 16:04:54 +02:00
|
|
|
* Allow outgoing icmp.
|
2017-08-09 16:08:52 +02:00
|
|
|
* Remove DHCP incoming packets. The connection is started by the host, don't need incoming rule.
|
2017-08-11 13:46:50 +02:00
|
|
|
* Allow outgoing OpenPGP HTTP requests.
|
2017-08-09 14:56:20 +02:00
|
|
|
|
2017-08-09 11:41:09 +02:00
|
|
|
## v1.0
|
|
|
|
|
|
|
|
|
|
### Features
|
|
|
|
|
* Install `nftables` package for Debian based distros.
|
|
|
|
|
* Generate `nftables` main configuration file.
|
|
|
|
|
* Manage global, input and output chains with three dicts.
|
|
|
|
|
* Manage vars, sets and maps definition file.
|
|
|
|
|
* Restart `nftables` service.
|
|
|
|
|
|
|
|
|
|
### Default Rules
|
|
|
|
|
* Drop blackhole set input packets.
|
|
|
|
|
* Allow localhost traffic.
|
|
|
|
|
* Allow DHCP traffic.
|
|
|
|
|
* Allow SSH input (otherwise Ansible won't work).
|
|
|
|
|
* Allow DNS request.
|
