Diffstat (limited to 'manifests/chain.pp')
-rw-r--r-- | manifests/chain.pp | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/manifests/chain.pp b/manifests/chain.pp
index 5b21912..f9722cf 100644
--- a/manifests/chain.pp
+++ b/manifests/chain.pp
@@ -2,9 +2,11 @@
 # @param policy [Ferm::Policies] Set the default policy for a CHAIN
 # @param disable_conntrack [Boolean] disable/enable usage of conntrack
 # @param chain [Ferm::Chains] name of the chain that should be managed
+# @param log_dropped_packets [Boolean] boolean to enable/disable logging of packets to the kernel log, if no explicit chain matched
 define ferm::chain (
 Ferm::Policies $policy,
 Boolean $disable_conntrack,
+ Boolean $log_dropped_packets,
 Ferm::Chains $chain = $name,
 ) {
@@ -24,4 +26,12 @@ define ferm::chain (
 ),
 order => '01',
 }
+
+ if $log_dropped_packets {
+ concat::fragment{"${chain}-footer":
+ target => "/etc/ferm.d/chains/${chain}.conf",
+ content => epp("${module_name}/ferm_chain_footer.conf.epp", { 'chain' => $chain }),
+ order => '99',
+ }
+ }
 } |
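Review bot: `Boolean $log_dropped_packets,` is added to `ferm::chain` in the first hunk without a default, so any existing declaration of this defined type that does not pass it will fail catalog compilation. The callers are outside this diff, so either confirm each one is updated or keep current behaviour with `Boolean $log_dropped_packets = false,`. The new `@param` line also says "if no explicit chain matched", where "if no explicit rule matched" appears to be meant. The body of the define continues outside this hunk.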
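Review bot: The footer fragment in the second hunk depends on `order => '99'` sorting after every rule fragment written to `/etc/ferm.d/chains/${chain}.conf`; if rule fragments (not visible here) can carry an order that sorts later, the log statement would run ahead of them and record packets that are subsequently accepted. The template `ferm_chain_footer.conf.epp` is not part of this view, so confirm that it rate-limits the LOG rule and sets a log prefix, because unthrottled logging of dropped packets lets any remote sender fill the kernel log and bury other entries. A comment above the resource such as `# must stay the last fragment: logs only what no rule matched, before the chain policy applies` would record the ordering requirement.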