From 91fa3bcde36896eedade89911df93bbf58b6609b Mon Sep 17 00:00:00 2001
From: Fabien COMBERNOUS <fabien.combernous@adullact.org>
Date: Fri, 1 Nov 2019 14:12:30 +0100
Subject: use dedicated conntrack parameters

---
 REFERENCE.md | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

(limited to 'REFERENCE.md')

diff --git a/REFERENCE.md b/REFERENCE.md
index 2de98f6..4a3283a 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -112,11 +112,27 @@ Data type: `Stdlib::Absolutepath`
 
 Path to the directory where the module stores ferm configuration files
 
-##### `disable_conntrack`
+##### `forward_disable_conntrack`
+
+Data type: `Boolean`
+
+Enable/Disable the generation of conntrack rules for the FORWARD chain
+
+Default value: `true`
+
+##### `output_disable_conntrack`
 
 Data type: `Boolean`
 
-Disable/Enable the generation of conntrack rules
+Enable/Disable the generation of conntrack rules for the OUTPUT chain
+
+Default value: `true`
+
+##### `input_disable_conntrack`
+
+Data type: `Boolean`
+
+Enable/Disable the generation of conntrack rules for the INPUT chain
 
 Default value: `false`
 
@@ -227,7 +243,9 @@ The following parameters are available in the `ferm::chain` defined type.
 
 Data type: `Boolean`
 
-Disable/Enable usage of conntrack
+Disable/Enable usage of conntrack. By default, we enable conntrack only for the filter INPUT chain
+
+Default value: `true`
 
 ##### `log_dropped_packets`
 
-- 
cgit v1.2.3