From 19c71d9abd269d88450f54ddb95e036c804a8fe8 Mon Sep 17 00:00:00 2001
From: Thore Bödecker
Date: Tue, 24 Sep 2019 16:35:19 +0200
Subject: disable conntrack filtering in FORWARD/OUTPUT conntrack filtering basically doesn't work in those chains, so we need to disable it.
---
 manifests/config.pp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'manifests/config.pp')
diff --git a/manifests/config.pp b/manifests/config.pp
index 7dae7a5..16ecd9e 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -49,12 +49,12 @@ class ferm::config {
 }
 ferm::chain{'FORWARD':
 policy => $ferm::forward_policy,
- disable_conntrack => $ferm::disable_conntrack,
+ disable_conntrack => true,
 log_dropped_packets => $ferm::forward_log_dropped_packets,
 }
 ferm::chain{'OUTPUT':
 policy => $ferm::output_policy,
- disable_conntrack => $ferm::disable_conntrack,
+ disable_conntrack => true,
 log_dropped_packets => $ferm::output_log_dropped_packets,
 }
-- 
cgit v1.2.3
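Review bot: With `disable_conntrack => true` hardcoded on both the FORWARD and OUTPUT chains, `$ferm::disable_conntrack` is silently ignored for them, and nothing in the manifest tells an operator who left it `false` that stateful filtering no longer applies there. If the conntrack rules that `ferm::chain` generates are what accept ESTABLISHED/RELATED and drop INVALID traffic (the define is not visible in this hunk), hosts running a DROP `forward_policy` or `output_policy` will need explicit rules for return traffic after this change. I would add a comment above each of the two lines, such as `# conntrack rules are never generated for this chain; $ferm::disable_conntrack is not consulted here`, and state the same limitation in the parameter's documentation. The commit message's "basically doesn't work" would also be more useful to a later auditor with a one-line reason or issue reference. The body of `ferm::config` begins and ends outside the hunk, so how the INPUT chain is declared cannot be checked from here.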