]> git.openstreetmap.org Git - chef.git/history - cookbooks/networking/templates
Remove old cogent addresses from various ACLs
[chef.git] / cookbooks / networking / templates /
2023-05-24 Tom HughesUse source routing to pick the correct external network...
2023-03-24 Tom HughesMake sure meraxes holds a DHCPv6 lease
2023-03-21 Tom HughesIgnore additional routes that point at ourselves
2023-03-20 Tom HughesUse correct gateway for additional routes
2023-03-20 Tom HughesAdd support for using systemd-networkd directly instead...
2023-03-20 Tom HughesDrop support for Ubuntu 18.04
2023-03-18 Tom HughesFix nftable stop on gateway machines
2023-03-18 Tom HughesMerge interface families
2023-03-12 Tom HughesAdd tools to block and unblock addresses
2023-03-12 Tom HughesPreserve blocklists over firewall restarts
2023-03-12 Tom HughesRemove unused template
2023-03-11 Tom HughesGeneralise configuration of firewall sets
2023-03-11 Tom HughesFix newline suppression in ERB template
2023-03-08 Tom HughesDon't filter outgoing multicast packets
2023-03-07 Tom HughesFix icmp echo rate limiting
2023-03-07 Tom HughesReintroduce helper support and implement it
2023-03-07 Tom HughesUse interval sets for blocklists
2023-03-07 Tom HughesRename firewall tables to avoid any clash with iptables
2023-03-06 Tom HughesDrop support for shorewall
2023-03-05 Tom HughesDon't expire connection limit sets
2023-03-05 Tom HughesExpire rate limit sets
2023-03-05 Tom HughesRemove size limits on firewall sets
2023-03-05 Tom HughesEnable rate limits
2023-03-05 Tom HughesAllow AWS DNS queries through the firewall
2023-03-05 Tom HughesMatch interfaces by name so we can start nftables befor...
2023-03-05 Tom HughesLimit NAT to IPv4 interfaces
2023-03-04 Tom HughesFix typo
2023-03-04 Tom HughesFix flag matches to work on 20.04
2023-03-04 Tom HughesHandle machines with no external interface
2023-03-04 Tom HughesBlock unspecified and multicast addresses on the outside
2023-03-04 Tom HughesLimit echo on a per source basis
2023-03-04 Tom HughesMake nftables block various invalid TCP flag combinations
2023-03-04 Tom HughesDon't log rate limited echo request packets
2023-03-04 Tom HughesAvoid dropping third party tables when stopping an...
2023-03-04 Tom HughesEliminate need for dummy addresses in when running...
2023-03-04 Tom HughesRevert "Only flush our table to avoid disrupting other...
2023-03-04 Tom HughesOnly flush our table to avoid disrupting other nftables...
2023-03-04 Tom HughesUse named sets for OSM IP addresses
2023-03-04 Tom HughesUse strings for network families
2023-03-04 Tom HughesAdd support for using an nftables based firewall
2022-12-10 Tom HughesMerge remote-tracking branch 'github/pull/528'
2022-10-12 Grant Slatershorewall: minor config align to upstream
2022-08-02 Grant SlaterMerge remote-tracking branch 'tigerfell/pr257'
2022-07-11 Tom HughesUpdate shorewall to use snat configuration file instead...
2021-09-19 Tom HughesAdd equinix-dub role
2021-08-25 Tom HughesMerge remote-tracking branch 'github/pull/440'
2021-08-25 Grant SlaterAdd shorewall stoppedrules support
2021-08-25 Grant SlaterAdd docker support to shorewall
2021-05-11 Tom HughesSort wireguard peers to keep file content stable
2021-03-09 TigerfellMerge branch 'patch-2' of https://github.com/Tigerfell...
2020-09-18 Tom HughesEstabish tunnels between shenron and gateway machines
2020-09-15 Tom HughesRemove a few legacy settings
2020-09-14 Tom HughesConfigure v4 address for wireguard endpoints with an...
2020-09-14 Tom HughesFix configuration of wireguard keys on 18.04
2020-09-14 Tom HughesAdd routes to wireguard peers
2020-09-13 Tom HughesAdd basic infrastructure for wireguard tunnels
2020-04-16 Tom HughesMake configuration of hostname work properly
2020-04-13 Tom HughesRemove firewall zones which are no longer used
2020-01-07 Tom HughesDisable DNSSEC validation at equinix
2019-11-23 Grant SlaterAdd a systemd-resolved FallbackDNS list
2019-05-20 Tom HughesAttempt to override the FQDN on fume
2019-04-04 Tom HughesMerge remote-tracking branch 'github/pull/225'
2019-03-22 Tom HughesEnable DNSSEC in allow-dowgrade mode
2019-03-21 Tom HughesAdd optional support for using systemd-resolved
2019-03-21 Tom HughesRemove support for ifupdown based networking
2019-03-19 Tom HughesAdd optional support for generating netplan configuration
2019-03-15 Tom HughesDisable unsupported firewall features on boitata
2019-01-19 Tom HughesDrop support for older Ubuntu versions
2019-01-04 Tom HughesAdd role for norbert
2018-12-16 Grant SlaterAdd helper support to firewall_rule
2018-09-25 Tom HughesAdd role for cherufe
2018-08-02 Tom HughesModernise shorewall configuration
2018-08-02 Tom HughesDon't disable loopback connection tracking on 14.04
2018-08-02 Tom HughesDisable tracking of loopback connections
2018-07-28 Tom HughesFix typo
2018-07-28 Tom HughesAdd role for noomoahk
2018-07-25 Tom HughesAdd ic firewall zone back
2018-07-24 Tom HughesUpdate configuration for move from Imperial to Amsterdam
2018-05-08 Tom HughesAdd role for ascalon
2017-10-17 Tom HughesAdd role for komodo
2017-10-16 Tom HughesTune bonding on odin
2017-05-25 Tom HughesAdd role for ladon
2017-03-29 Tom HughesAdd role for angor
2017-01-26 Tom HughesMerge remote-tracking branch 'github/pull/102'
2017-01-07 Tom HughesAdd role for kalessin
2016-12-09 Tom HughesAdd role for scorch
2016-12-07 Tom HughesSpecify raw device explicitly for vlan interfaces
2016-10-09 Tom HughesAdd role for culebre
2016-09-25 Tom HughesAdd a per-IP connection limit on planet.osm.org
2016-09-10 Tom HughesAdd shorewall zone for odin
2016-08-14 Tom HughesMerge remote-tracking branch 'github/pull/79'
2016-08-14 Tom HughesRework firewall rule handling
2016-05-16 Tom HughesOnly use ?SECTION on 16.04
2016-05-16 Tom HughesAdd leading ? to SECTION line in shorewall rules
2016-05-16 Tom HughesRemove some deprecated shorewall config options
2016-05-08 Tom HughesBring up slave interfaces
2016-05-05 Tom HughesAdd support for bonding and VLANs
2016-05-03 Tom HughesConfigure external address for fafnir
2016-03-21 Tom HughesRevert "Explcitly disable IPv6 on the IC internal network"
2016-03-21 Tom HughesExplcitly disable IPv6 on the IC internal network
next