Uploaded image for project: 'Modules'
  1. Modules
  2. MODULES-6305

The iptables module should allow inversion on "recent" extension

          Details

          • Type: Improvement
          • Status: Open
          • Priority: Normal
          • Resolution: Unresolved
          • Affects Version/s: None
          • Fix Version/s: None
          • Component/s: None
          • Template:
          • Epic Link:
          • Team:
            Modules
          • Sprint:
            Modules Triage
          • CS Priority:
            Reviewed

            Description

            The current version of the puppetlabs/firewall module does not support inversion of the iptables recent extension. For example, a firewall resource cannot be constructed to generate the rule:

            -A CUSTOM -m recent --name tracking ! --rcheck -j SET

            This inversion is supported by the underlying iptables command and is useful in setting up rate-limiting and preventing brute-force DDOS attacks.

              Attachments

                Activity

                  People

                  • Assignee:
                    Unassigned
                    Reporter:
                    adam.bottchen Adam Bottchen
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    4 Start watching this issue

                    Dates

                    • Created:
                      Updated:

                      Zendesk Support