Details
- Type: Improvement
- Status: Open
- Priority: Normal
- Resolution: Unresolved
- Component: Modules
- Modules Triage: Reviewed
Description
The current version of the puppetlabs/firewall module does not support inversion (the `!` prefix) of the iptables `recent` extension's options. For example, no firewall resource can be constructed to generate the rule:

    -A CUSTOM -m recent --name tracking ! --rcheck -j SET

This inversion is supported by the underlying iptables command and is useful for setting up rate limiting and preventing brute-force and DDoS attacks.
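To see where the unsupported syntax shows up in practice, the following added example (not code from the puppetlabs/firewall module or from this ticket) parses iptables-save style rule lines, records which options are negated with `!`, and reports rules whose `-m recent` options carry a negation. A defender migrating a hand-written ruleset to Puppet can run it over an `iptables-save` dump to find rules the module cannot express before they are silently skipped. The sample rules are constructed for illustration; the third one is the standard `--set` / `--update --seconds --hitcount` rate-limiting pair that the `recent` extension is normally used for.

```python
"""Parse iptables rule strings and flag negated options of the `recent` match.

Added example; not part of the puppetlabs/firewall module. Sample rules below
are constructed for illustration.
"""
import shlex
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Option:
    name: str           # e.g. "--rcheck"
    args: list          # option arguments, e.g. ["tracking"]
    negated: bool       # True when the option was preceded by "!"


@dataclass
class Rule:
    chain: str
    target: Optional[str]
    matches: dict = field(default_factory=dict)   # match module -> [Option]
    base: list = field(default_factory=list)      # options given before any -m


def parse_rule(line: str) -> Rule:
    """Tokenise one iptables(-save) rule.

    Only the current '! --flag' prefix form of negation is handled; the old
    '--flag !' suffix form is not.
    """
    tokens = shlex.split(line)
    rule = Rule(chain="", target=None)
    module = None       # name of the match module the following options belong to
    negate = False      # set when the previous token was "!"
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "!":
            negate = True
            i += 1
            continue
        if tok == "-A":
            rule.chain = tokens[i + 1]
            i += 2
            continue
        if tok == "-j":
            rule.target = tokens[i + 1]
            i += 2
            continue
        if tok == "-m":
            module = tokens[i + 1]
            rule.matches.setdefault(module, [])
            i += 2
            continue
        if tok.startswith("-"):
            # Collect the option's arguments up to the next flag or "!".
            j = i + 1
            args = []
            while j < len(tokens) and not tokens[j].startswith("-") and tokens[j] != "!":
                args.append(tokens[j])
                j += 1
            opt = Option(tok, args, negate)
            negate = False
            (rule.matches[module] if module else rule.base).append(opt)
            i = j
            continue
        raise ValueError(f"unexpected token {tok!r} in {line!r}")
    return rule


def negated_recent_options(rule: Rule) -> list:
    """Names of `-m recent` options that carry a '!' in this rule."""
    return [o.name for o in rule.matches.get("recent", []) if o.negated]


def unsupported_rules(lines):
    """Yield (line, negated recent options) for rules the module cannot express."""
    for line in lines:
        if not line.startswith("-A"):
            continue
        neg = negated_recent_options(parse_rule(line))
        if neg:
            yield line, neg


# Constructed sample ruleset (not from any real host).
SAMPLE_RULES = [
    "-A CUSTOM -m recent --name tracking ! --rcheck -j SET",
    "-A CUSTOM -m recent --name tracking --set",
    "-A INPUT -p tcp -m tcp --dport 22 -m recent --name tracking --update "
    "--seconds 60 --hitcount 4 -j DROP",
    "-A INPUT ! -s 10.0.0.0/8 -j DROP",
]

if __name__ == "__main__":
    for line, neg in unsupported_rules(SAMPLE_RULES):
        print(f"inverted recent option(s) {neg} in: {line}")
```

Only the first sample is reported: the negated `-s` in the last rule belongs to the base rule, not to the `recent` match, so it is outside the scope of this ticket and is not flagged.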
Attachments
Issue Links
- relates to MODULES-9758 puppetlabs-firewall : Cilium. Skipping unparsable iptables rule (In Progress)
- relates to MODULES-450 Enable inverse of rules (Closed)