Merge pull request #10 from kBite/make-usage-of-conntrack-optional

introduce parameter disable_conntrack
author: Tim Meusel <tim@bastelfreak.de> 2018-03-17 19:55:46 +0100
committer: GitHub <noreply@github.com> 2018-03-17 19:55:46 +0100
commit: 1ed440222ffb00904ffcba97505a887b95c4f3a0 (patch)
tree: b42360aa382cd4ca47ad60901df7844d33c40562 /templates/ferm_chain_header.conf.epp
parent: aadcd554e91188ecaabb70b70a456bb5baa328e0 (diff)
parent: ed76993b194fe13532250432db84690fa0b413ec (diff)
download: puppet-ferm-1ed440222ffb00904ffcba97505a887b95c4f3a0.tar.gz
puppet-ferm-1ed440222ffb00904ffcba97505a887b95c4f3a0.tar.bz2
1 files changed, 3 insertions, 0 deletions
diff --git a/templates/ferm_chain_header.conf.epp b/templates/ferm_chain_header.conf.epp
index b8c444c..e2c30e6 100644
--- a/templates/ferm_chain_header.conf.epp
+++ b/templates/ferm_chain_header.conf.epp
@@ -1,8 +1,11 @@
 <%- | Ferm::Policies $policy,
+      Boolean $disable_conntrack,
 | -%>
 # Default policy for this chain
 policy <%= $policy %>;
 
+<% unless $disable_conntrack { -%>
 # connection tracking
 mod state state INVALID DROP;
 mod state state (ESTABLISHED RELATED) ACCEPT;
+<% } -%>
author	Tim Meusel <tim@bastelfreak.de>	2018-03-17 19:55:46 +0100
committer	GitHub <noreply@github.com>	2018-03-17 19:55:46 +0100
commit	1ed440222ffb00904ffcba97505a887b95c4f3a0 (patch)
tree	b42360aa382cd4ca47ad60901df7844d33c40562 /templates/ferm_chain_header.conf.epp
parent	aadcd554e91188ecaabb70b70a456bb5baa328e0 (diff)
parent	ed76993b194fe13532250432db84690fa0b413ec (diff)
download	puppet-ferm-1ed440222ffb00904ffcba97505a887b95c4f3a0.tar.gz puppet-ferm-1ed440222ffb00904ffcba97505a887b95c4f3a0.tar.bz2