diff options
author | Tim Meusel <tim@bastelfreak.de> | 2020-04-21 13:12:47 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-04-21 13:12:47 +0200 |
commit | c34c528537cd9baa7057588d628a36843d63b015 (patch) | |
tree | 1bfa33e2712c03e0dc201ec104e28974b8e79614 /REFERENCE.md | |
parent | 9b71e958f45f50071203eaa7d6aac445ee31ff14 (diff) | |
parent | 91fa3bcde36896eedade89911df93bbf58b6609b (diff) | |
download | puppet-ferm-c34c528537cd9baa7057588d628a36843d63b015.tar.gz puppet-ferm-c34c528537cd9baa7057588d628a36843d63b015.tar.bz2 |
Merge pull request #90 from Dan33l/add_conntrack_dedicated
use dedicated conntrack parameters / by default disable conntrack for new chains / by default enable conntrack for filter INPUT chain
Diffstat (limited to 'REFERENCE.md')
-rw-r--r-- | REFERENCE.md | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/REFERENCE.md b/REFERENCE.md index 2de98f6..4a3283a 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -112,11 +112,27 @@ Data type: `Stdlib::Absolutepath` Path to the directory where the module stores ferm configuration files -##### `disable_conntrack` +##### `forward_disable_conntrack` + +Data type: `Boolean` + +Enable/Disable the generation of conntrack rules for the FORWARD chain + +Default value: `true` + +##### `output_disable_conntrack` Data type: `Boolean` -Disable/Enable the generation of conntrack rules +Enable/Disable the generation of conntrack rules for the OUTPUT chain + +Default value: `true` + +##### `input_disable_conntrack` + +Data type: `Boolean` + +Enable/Disable the generation of conntrack rules for the INPUT chain Default value: `false` @@ -227,7 +243,9 @@ The following parameters are available in the `ferm::chain` defined type. Data type: `Boolean` -Disable/Enable usage of conntrack +Disable/Enable usage of conntrack. By default, we enable conntrack only for the filter INPUT chain + +Default value: `true` ##### `log_dropped_packets` |