Diffstat (limited to 'templates/ferm_chain_header.conf.epp')
-rw-r--r-- | templates/ferm_chain_header.conf.epp | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/templates/ferm_chain_header.conf.epp b/templates/ferm_chain_header.conf.epp
index 938958b..3c92e7a 100644
--- a/templates/ferm_chain_header.conf.epp
+++ b/templates/ferm_chain_header.conf.epp
@@ -1,5 +1,6 @@
 <%- | Optional[Ferm::Policies] $policy,
 Boolean $disable_conntrack,
+ Boolean $drop_invalid_packets_with_conntrack,
 | -%>
 # THIS FILE IS MANAGED BY PUPPET
 <%- if $policy { -%>
@@ -10,5 +11,7 @@ policy <%= $policy %>;
 <% unless $disable_conntrack { -%>
 # connection tracking
 mod conntrack ctstate (ESTABLISHED RELATED) ACCEPT;
+<% if $drop_invalid_packets_with_conntrack { -%>
 mod conntrack ctstate INVALID DROP;
 <% } -%>
+<% } -%>
|
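Review bot: In the second hunk, a false `$drop_invalid_packets_with_conntrack` leaves only the ESTABLISHED/RELATED accept in the chain header, so INVALID-state packets are no longer dropped there and fall through to whatever rules and policy follow in the chain. Before this change the drop was always emitted when conntrack was enabled, so the value passed by the caller (not visible here, since the diff is limited to the template) should default to `true` to keep existing firewalls unchanged, and the parameter documentation should say that turning it off lets later port-based accept rules match out-of-state packets. The flag is also silently ignored when `$disable_conntrack` is true, because the new `if` is nested inside the `unless`; that deserves a line in the docs as well. The parameter added in the first hunk has no default in the template signature, so every `epp()` call rendering this template must pass it or compilation fails.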