diff options
| author | Tim Meusel <tim@bastelfreak.de> | 2020-04-15 09:57:09 +0200 |
|---|---|---|
| committer | Tim Meusel <tim@bastelfreak.de> | 2020-04-21 13:57:49 +0200 |
| commit | cd38691675da20ff4f38f18b2505955694ea56e4 (patch) | |
| tree | 9214c865a224b44d9a21a78ebee86954c7e6fe8d /REFERENCE.md | |
| parent | c34c528537cd9baa7057588d628a36843d63b015 (diff) | |
| download | puppet-ferm-cd38691675da20ff4f38f18b2505955694ea56e4.tar.gz puppet-ferm-cd38691675da20ff4f38f18b2505955694ea56e4.tar.bz2 | |
make dropping of pakets marked as invalid optional
Diffstat (limited to 'REFERENCE.md')
| -rw-r--r-- | REFERENCE.md | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/REFERENCE.md b/REFERENCE.md index 4a3283a..ec71f8f 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -160,6 +160,14 @@ Default policy for the INPUT chain Default value: 'DROP' +##### `input_drop_invalid_packets_with_conntrack` + +Data type: `Boolean` + +Enable/Disable the `mod conntrack ctstate INVALID DROP` statement. Only works if `$disable_conntrack` is `false`. You can set this to false if your policy is DROP. This only effects the INPUT chain. + +Default value: `false` + ##### `rules` Data type: `Hash` @@ -247,6 +255,14 @@ Disable/Enable usage of conntrack. By default, we enable conntrack only for the Default value: `true` +##### `drop_invalid_packets_with_conntrack` + +Data type: `Boolean` + +Enable/Disable the `mod conntrack ctstate INVALID DROP` statement. Only works if `$disable_conntrack` is `false` in this chain. You can set this to false if your policy is DROP. + +Default value: `false` + ##### `log_dropped_packets` Data type: `Boolean` |