Merge pull request #88 from Dan33l/revert-pr81

revert PR81

2 files changed, 4 insertions, 4 deletions

diff --git a/manifests/config.pp b/manifests/config.pp
index 16ecd9e..7dae7a5 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -49,12 +49,12 @@ class ferm::config {
   }
   ferm::chain{'FORWARD':
     policy              => $ferm::forward_policy,
-    disable_conntrack   => true,
+    disable_conntrack   => $ferm::disable_conntrack,
     log_dropped_packets => $ferm::forward_log_dropped_packets,
   }
   ferm::chain{'OUTPUT':
     policy              => $ferm::output_policy,
-    disable_conntrack   => true,
+    disable_conntrack   => $ferm::disable_conntrack,
     log_dropped_packets => $ferm::output_log_dropped_packets,
   }
 
diff --git a/spec/acceptance/ferm_spec.rb b/spec/acceptance/ferm_spec.rb
index f827dc2..c5018da 100644
--- a/spec/acceptance/ferm_spec.rb
+++ b/spec/acceptance/ferm_spec.rb
@@ -32,7 +32,7 @@ basic_manifest = %(
     manage_configfile => true,
     manage_initfile   => #{manage_initfile}, # CentOS-6 does not provide init script
     forward_policy    => 'DROP',
-    output_policy     => 'ACCEPT',
+    output_policy     => 'DROP',
     input_policy      => 'DROP',
     rules             => {
       'allow_acceptance_tests' => {
@@ -66,7 +66,7 @@ describe 'ferm' do
     end
 
     describe command('iptables-save') do
-      its(:stdout) { is_expected.to match %r{.*filter.*:INPUT DROP.*:FORWARD DROP.*:OUTPUT ACCEPT.*}m }
+      its(:stdout) { is_expected.to match %r{.*filter.*:INPUT DROP.*:FORWARD DROP.*:OUTPUT DROP.*}m }
     end
 
     describe iptables do