From b1deffa5ddf26c14bd8ef404237f79e4ed4f94d3 Mon Sep 17 00:00:00 2001
From: Kilian Engelhardt
Date: Fri, 16 Mar 2018 16:49:00 +0100
Subject: introduce parameter disable_conntrack
Default value of disable_conntrack is 'false'. Existing installations are not affected by this change.
---
 manifests/chain.pp | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
(limited to 'manifests/chain.pp')
diff --git a/manifests/chain.pp b/manifests/chain.pp
index 6f2ee1d..5b21912 100644
--- a/manifests/chain.pp
+++ b/manifests/chain.pp
@@ -1,8 +1,10 @@
 # defined resource which creates all rules for one chain
 # @param policy [Ferm::Policies] Set the default policy for a CHAIN
+# @param disable_conntrack [Boolean] disable/enable usage of conntrack
 # @param chain [Ferm::Chains] name of the chain that should be managed
 define ferm::chain (
 Ferm::Policies $policy,
+ Boolean $disable_conntrack,
 Ferm::Chains $chain = $name,
 ) {
@@ -14,7 +16,12 @@ define ferm::chain (
 concat::fragment{"${chain}-policy":
 target => "/etc/ferm.d/chains/${chain}.conf",
- content => epp("${module_name}/ferm_chain_header.conf.epp", {'policy' => $policy }),
+ content => epp(
+ "${module_name}/ferm_chain_header.conf.epp", {
+ 'policy' => $policy,
+ 'disable_conntrack' => $disable_conntrack,
+ }
+ ),
 order => '01',
 }
 }
--
cgit v1.2.3
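Review bot: In the first hunk `Boolean $disable_conntrack,` joins the `ferm::chain` parameter list without a default, so any manifest that declares `ferm::chain` directly stops compiling until it passes the new argument, which does not match the commit message's statement that existing installations are unaffected. The `false` default presumably lives in a caller outside this view; giving the define the same fail-safe default, `Boolean $disable_conntrack = false,`, keeps connection tracking on unless someone opts out explicitly. The `@param` line could also say what the flag costs, for example `# @param disable_conntrack [Boolean] when true, the chain header is rendered without connection tracking, so the chain filters statelessly`; that wording assumes the header template behaves this way, since the template is not shown here. The body of the define continues outside the hunk.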
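Review bot: The template `ferm_chain_header.conf.epp` is not part of this view, so nothing here confirms that it declares a parameter for the new `'disable_conntrack' => $disable_conntrack` key passed in the second hunk; if the template uses an EPP parameter tag, an undeclared key makes `epp()` fail at catalog compilation. A short comment above the call would record the security effect for the next reader, e.g. `# disable_conntrack => true is expected to render the header without conntrack state rules; return traffic then needs explicit rules`, to be checked against what the template actually emits. A rendered-output test for both values of the flag would catch a template that silently ignores it. The hunk starts inside the body of `ferm::chain`, whose opening lies outside it.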