56 lines
1.3 KiB
Markdown
56 lines
1.3 KiB
Markdown
|
||
## v1.3
|
||
|
||
### Features
|
||
* Provide the systemd unit.
|
||
|
||
## v1.2.3
|
||
* Rename firewall table to filter table (most use on Debian).
|
||
|
||
## v1.2.2
|
||
|
||
### Fix
|
||
* Set's name can't exceed 15 characters !
|
||
|
||
## v1.2.1
|
||
|
||
### Features
|
||
* Allow icmpv6 outgoing traffic.
|
||
|
||
## v1.2
|
||
|
||
### Features
|
||
* Ensure to remove old packages (iptables,…).
|
||
|
||
### Fixes
|
||
* Ensure to create the the directory to store the differents configuration files (/etc/nftables.d).
|
||
|
||
## v1.1
|
||
|
||
### Features
|
||
* Manage nftables service at startup.
|
||
* Rollback to inet family to manage both ipv4 and ipv6.
|
||
* To allow multiple ports/range ports, it's possible to redifine vars or add a rule in a dict.
|
||
|
||
### Default Rules
|
||
* Use more sets and vars definitions for input/output to avoid multiple rules.
|
||
* Allow outgoing icmp.
|
||
* Remove DHCP incoming packets. The connection is started by the host, don't need incoming rule.
|
||
* Allow outgoing OpenPGP HTTP requests.
|
||
|
||
## v1.0
|
||
|
||
### Features
|
||
* Install `nftables` package for Debian based distros.
|
||
* Generate `nftables` main configuration file.
|
||
* Manage global, input and output chains with three dicts.
|
||
* Manage vars, sets and maps definition file.
|
||
* Restart `nftables` service.
|
||
|
||
### Default Rules
|
||
* Drop blackhole set input packets.
|
||
* Allow localhost traffic.
|
||
* Allow DHCP traffic.
|
||
* Allow SSH input (otherwise Ansible won't work).
|
||
* Allow DNS request.
|