Diffstat (limited to 'templates/ferm_chain_header.conf.epp')
-rw-r--r-- | templates/ferm_chain_header.conf.epp | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/templates/ferm_chain_header.conf.epp b/templates/ferm_chain_header.conf.epp index f94b18d..938958b 100644 --- a/templates/ferm_chain_header.conf.epp +++ b/templates/ferm_chain_header.conf.epp @@ -1,12 +1,14 @@ -<%- | Ferm::Policies $policy, +<%- | Optional[Ferm::Policies] $policy, Boolean $disable_conntrack, | -%> # THIS FILE IS MANAGED BY PUPPET +<%- if $policy { -%> # Default policy for this chain policy <%= $policy %>; +<%- } -%> <% unless $disable_conntrack { -%> # connection tracking -mod state state INVALID DROP; -mod state state (ESTABLISHED RELATED) ACCEPT; +mod conntrack ctstate (ESTABLISHED RELATED) ACCEPT; +mod conntrack ctstate INVALID DROP; <% } -%> |
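Review bot: With `$policy` now `Optional[Ferm::Policies]`, the new `<%- if $policy { -%>` guard emits no `policy` statement at all when the parameter is undef, so a built-in chain rendered this way keeps whatever policy the kernel already has (ACCEPT on a fresh table) instead of an explicit default. The change presumably exists for user-defined chains, which cannot carry a policy, but the template cannot tell the two cases apart. The check therefore has to sit in the calling define, which is outside this hunk; confirm that it rejects an undef policy for INPUT, FORWARD and OUTPUT. I would also record the intent next to the guard with an EPP comment such as `<%# policy is omitted only for user-defined chains; built-in chains must always set one -%>`. The switch to `mod conntrack ctstate` and the reordered ACCEPT/DROP lines look behaviour-neutral, since a packet matches only one of the two state sets.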