diff options
| author | Tim Meusel <tim@bastelfreak.de> | 2019-09-11 13:29:12 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-09-11 13:29:12 +0200 |
| commit | 6d96e030be0db4a916dd6a9bd0b25570d359e634 (patch) | |
| tree | 523f7a96c5b2640dbf2dd45cd89d931e12ceff9d /templates/ferm_chain_header.conf.epp | |
| parent | 81748ba786c6a55c4575a400c08de99716da8fbb (diff) | |
| parent | 882a45498ddefdfc83ff5b19da723fd0be3acdec (diff) | |
| download | puppet-ferm-6d96e030be0db4a916dd6a9bd0b25570d359e634.tar.gz puppet-ferm-6d96e030be0db4a916dd6a9bd0b25570d359e634.tar.bz2 | |
Merge pull request #58 from voxpupuli/multi-table-support
add ability to configure rules in tables other than the default "filter" table
Diffstat (limited to 'templates/ferm_chain_header.conf.epp')
| -rw-r--r-- | templates/ferm_chain_header.conf.epp | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/templates/ferm_chain_header.conf.epp b/templates/ferm_chain_header.conf.epp index f94b18d..938958b 100644 --- a/templates/ferm_chain_header.conf.epp +++ b/templates/ferm_chain_header.conf.epp @@ -1,12 +1,14 @@ -<%- | Ferm::Policies $policy, +<%- | Optional[Ferm::Policies] $policy, Boolean $disable_conntrack, | -%> # THIS FILE IS MANAGED BY PUPPET +<%- if $policy { -%> # Default policy for this chain policy <%= $policy %>; +<%- } -%> <% unless $disable_conntrack { -%> # connection tracking -mod state state INVALID DROP; -mod state state (ESTABLISHED RELATED) ACCEPT; +mod conntrack ctstate (ESTABLISHED RELATED) ACCEPT; +mod conntrack ctstate INVALID DROP; <% } -%> |