author | Tim Meusel <tim@bastelfreak.de> | 2020-04-15 09:57:09 +0200 |
---|---|---|
committer | Tim Meusel <tim@bastelfreak.de> | 2020-04-21 13:57:49 +0200 |
commit | cd38691675da20ff4f38f18b2505955694ea56e4 (patch) | |
tree | 9214c865a224b44d9a21a78ebee86954c7e6fe8d /templates/ferm_chain_header.conf.epp | |
parent | c34c528537cd9baa7057588d628a36843d63b015 (diff) | |
make dropping of packets marked as invalid optional
Diffstat (limited to 'templates/ferm_chain_header.conf.epp')
-rw-r--r-- | templates/ferm_chain_header.conf.epp | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/templates/ferm_chain_header.conf.epp b/templates/ferm_chain_header.conf.epp index 938958b..3c92e7a 100644 --- a/templates/ferm_chain_header.conf.epp +++ b/templates/ferm_chain_header.conf.epp @@ -1,5 +1,6 @@ <%- | Optional[Ferm::Policies] $policy, Boolean $disable_conntrack, + Boolean $drop_invalid_packets_with_conntrack, | -%> # THIS FILE IS MANAGED BY PUPPET <%- if $policy { -%> @@ -10,5 +11,7 @@ policy <%= $policy %>; <% unless $disable_conntrack { -%> # connection tracking mod conntrack ctstate (ESTABLISHED RELATED) ACCEPT; +<% if $drop_invalid_packets_with_conntrack { -%> mod conntrack ctstate INVALID DROP; <% } -%> +<% } -%> |
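Review bot: In the first hunk, the new `Boolean $drop_invalid_packets_with_conntrack` parameter has no default, so every caller that renders this template must now pass it or rendering fails. The diffstat shown here is limited to this template, so the callers are not visible; please confirm they are all updated in the same commit, or give the parameter a default of `true` in the parameter block so the previous behaviour (INVALID packets dropped) is kept when it is omitted.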
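Review bot: In the second hunk, the new `if $drop_invalid_packets_with_conntrack` sits inside `unless $disable_conntrack`, so setting it to true while conntrack is disabled silently emits no `INVALID DROP` rule. Please document that dependency where the parameter is described, and state that with the value false, packets in ctstate INVALID are no longer dropped in the chain header and are instead evaluated by the chain's later rules and policy. The two consecutive `<% } -%>` closers are also easy to misread; a short template comment naming which block each one ends would help.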