author | Tim Meusel <tim@bastelfreak.de> | 2020-04-21 14:05:26 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-04-21 14:05:26 +0200 |
commit | e36464557e1ad51d26da0450ab2604693fffb1f2 (patch) | |
tree | 9214c865a224b44d9a21a78ebee86954c7e6fe8d /templates/ferm_chain_header.conf.epp | |
parent | c34c528537cd9baa7057588d628a36843d63b015 (diff) | |
parent | cd38691675da20ff4f38f18b2505955694ea56e4 (diff) | |
Merge pull request #100 from bastelfreak/invalid
make dropping of invalid packets optional
Diffstat (limited to 'templates/ferm_chain_header.conf.epp')
-rw-r--r-- | templates/ferm_chain_header.conf.epp | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/templates/ferm_chain_header.conf.epp b/templates/ferm_chain_header.conf.epp index 938958b..3c92e7a 100644 --- a/templates/ferm_chain_header.conf.epp +++ b/templates/ferm_chain_header.conf.epp @@ -1,5 +1,6 @@ <%- | Optional[Ferm::Policies] $policy, Boolean $disable_conntrack, + Boolean $drop_invalid_packets_with_conntrack, | -%> # THIS FILE IS MANAGED BY PUPPET <%- if $policy { -%> @@ -10,5 +11,7 @@ policy <%= $policy %>; <% unless $disable_conntrack { -%> # connection tracking mod conntrack ctstate (ESTABLISHED RELATED) ACCEPT; +<% if $drop_invalid_packets_with_conntrack { -%> mod conntrack ctstate INVALID DROP; <% } -%> +<% } -%> |
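Review bot: in the first hunk, the new `Boolean $drop_invalid_packets_with_conntrack,` entry in the template's parameter block has no default, so every `epp()` call that renders `ferm_chain_header.conf.epp` must pass it or rendering fails. The diffstat shown here is limited to the template, so the call sites are not visible; please confirm each caller supplies the value, and document the parameter alongside `$disable_conntrack`.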
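Review bot: in the second hunk, the new `<% if $drop_invalid_packets_with_conntrack { -%>` sits inside `<% unless $disable_conntrack { -%>`, so the flag is silently ignored whenever conntrack is disabled; state that dependency in the parameter's documentation. It is also worth documenting that with the flag false the header no longer emits `mod conntrack ctstate INVALID DROP;`, so INVALID packets are then decided by the chain's later rules and its `policy`, which matters for any chain whose policy is ACCEPT.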