author | Tim Meusel <tim@bastelfreak.de> | 2020-04-15 09:57:09 +0200 |
---|---|---|
committer | Tim Meusel <tim@bastelfreak.de> | 2020-04-21 13:57:49 +0200 |
commit | cd38691675da20ff4f38f18b2505955694ea56e4 (patch) | |
tree | 9214c865a224b44d9a21a78ebee86954c7e6fe8d /manifests/init.pp | |
parent | c34c528537cd9baa7057588d628a36843d63b015 (diff) | |
download | puppet-ferm-cd38691675da20ff4f38f18b2505955694ea56e4.tar.gz puppet-ferm-cd38691675da20ff4f38f18b2505955694ea56e4.tar.bz2 |
make dropping of packets marked as invalid optional
Diffstat (limited to 'manifests/init.pp')
-rw-r--r-- | manifests/init.pp | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 4c69452..b1d051e 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -38,6 +38,7 @@
 # @param forward_policy Default policy for the FORWARD chain
 # @param output_policy Default policy for the OUTPUT chain
 # @param input_policy Default policy for the INPUT chain
+# @param input_drop_invalid_packets_with_conntrack Enable/Disable the `mod conntrack ctstate INVALID DROP` statement. Only works if `$disable_conntrack` is `false`. You can set this to false if your policy is DROP. This only effects the INPUT chain.
 # @param rules A hash that holds all data for ferm::rule
 # @param chains A hash that holds all data for ferm::chain
 # @param forward_log_dropped_packets Enable/Disable logging in the FORWARD chain of packets to the kernel log, if no explicit chain matched
@@ -61,6 +62,7 @@ class ferm (
 Boolean $forward_log_dropped_packets = false,
 Boolean $output_log_dropped_packets = false,
 Boolean $input_log_dropped_packets = false,
+ Boolean $input_drop_invalid_packets_with_conntrack = false,
 Hash $rules = {},
 Hash $chains = {},
 Array[Enum['ip','ip6']] $ip_versions = ['ip','ip6'], |
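Review bot: The added `@param input_drop_invalid_packets_with_conntrack` line says the option can be left off when the policy is DROP, but a chain policy only applies to packets that no rule matched. A packet in conntrack state INVALID that matches an ACCEPT rule defined through `ferm::rule` would still be accepted when the statement is absent. I would say so in the doc and fix the typo, for example by replacing the last two sentences with `With this disabled, INVALID packets are dropped only if no ACCEPT rule matches them first, even with a DROP policy. This only affects the INPUT chain.` The text should also name the default, since the signature sets it to `false`.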
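Review bot: The new parameter in the `class ferm (` list defaults to `false`, so a node that upgrades without setting it would no longer get the `mod conntrack ctstate INVALID DROP` statement on INPUT, if the statement was always emitted before, as the commit title suggests. Defaulting to `true` keeps existing firewalls unchanged and makes the relaxation an explicit opt-out: `Boolean $input_drop_invalid_packets_with_conntrack = true,`. The documented dependency on `$disable_conntrack` is not enforced in the visible lines. The class body and the code that consumes the flag lie outside this hunk, so confirm that enabling both either fails catalog compilation or is clearly a no-op.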