use dedicated conntrack parameters

author: Fabien COMBERNOUS <fabien.combernous@adullact.org> 2019-11-01 14:12:30 +0100
committer: Tim Meusel <tim@bastelfreak.de> 2020-04-21 11:54:58 +0200
commit: 91fa3bcde36896eedade89911df93bbf58b6609b (patch)
tree: 1bfa33e2712c03e0dc201ec104e28974b8e79614 /manifests/chain.pp
parent: 9b71e958f45f50071203eaa7d6aac445ee31ff14 (diff)
download: puppet-ferm-91fa3bcde36896eedade89911df93bbf58b6609b.tar.gz
puppet-ferm-91fa3bcde36896eedade89911df93bbf58b6609b.tar.bz2
1 files changed, 2 insertions, 2 deletions
diff --git a/manifests/chain.pp b/manifests/chain.pp
index b66ef7f..0593cc8 100644
--- a/manifests/chain.pp
+++ b/manifests/chain.pp
@@ -7,7 +7,7 @@
 #     log_dropped_packets => true,
 #   }
 #
-# @param disable_conntrack Disable/Enable usage of conntrack
+# @param disable_conntrack Disable/Enable usage of conntrack. By default, we enable conntrack only for the filter INPUT chain
 # @param log_dropped_packets Enable/Disable logging of packets to the kernel log, if no explicit chain matched
 # @param policy Set the default policy for CHAIN (works only for builtin chains)
 #   Allowed values: (ACCEPT|DROP) (see Ferm::Policies type)
@@ -18,8 +18,8 @@
 # @param ip_versions Set list of versions of ip we want ot use.
 #
 define ferm::chain (
-  Boolean $disable_conntrack,
   Boolean $log_dropped_packets,
+  Boolean $disable_conntrack           = true,
   String[1] $chain                     = $name,
   Optional[Ferm::Policies] $policy     = undef,
   Ferm::Tables $table                  = 'filter',
author	Fabien COMBERNOUS <fabien.combernous@adullact.org>	2019-11-01 14:12:30 +0100
committer	Tim Meusel <tim@bastelfreak.de>	2020-04-21 11:54:58 +0200
commit	91fa3bcde36896eedade89911df93bbf58b6609b (patch)
tree	1bfa33e2712c03e0dc201ec104e28974b8e79614 /manifests/chain.pp
parent	9b71e958f45f50071203eaa7d6aac445ee31ff14 (diff)
download	puppet-ferm-91fa3bcde36896eedade89911df93bbf58b6609b.tar.gz puppet-ferm-91fa3bcde36896eedade89911df93bbf58b6609b.tar.bz2