From b1deffa5ddf26c14bd8ef404237f79e4ed4f94d3 Mon Sep 17 00:00:00 2001
From: Kilian Engelhardt
Date: Fri, 16 Mar 2018 16:49:00 +0100
Subject: introduce parameter disable_conntrack
Default value of disable_conntrack is 'false'. Existing installations are not affected by this change.
---
 templates/ferm_chain_header.conf.epp | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'templates/ferm_chain_header.conf.epp')
diff --git a/templates/ferm_chain_header.conf.epp b/templates/ferm_chain_header.conf.epp
index b8c444c..e2c30e6 100644
--- a/templates/ferm_chain_header.conf.epp
+++ b/templates/ferm_chain_header.conf.epp
@@ -1,8 +1,11 @@
 <%- | Ferm::Policies $policy,
+ Boolean $disable_conntrack,
 | -%>
 # Default policy for this chain
 policy <%= $policy %>;
+<% unless $disable_conntrack { -%>
 # connection tracking
 mod state state INVALID DROP;
 mod state state (ESTABLISHED RELATED) ACCEPT;
+<% } -%>
-- 
cgit v1.2.3
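Review bot: When `$disable_conntrack` is true, the new `unless` block omits both `mod state state INVALID DROP;` and `mod state state (ESTABLISHED RELATED) ACCEPT;`, and the rendered chain header gives no sign that this was intentional. On a chain whose policy is DROP, reply packets for established flows are then accepted only if other rules cover them, and INVALID packets are no longer dropped early, so anyone auditing the generated ferm config should be able to see the omission. I would add an else branch that emits a comment, e.g. `<% } else { -%>` followed by `# connection tracking rules omitted (disable_conntrack is true)`, and note in the parameter's documentation that rules for return traffic must then be supplied explicitly. The `Boolean $disable_conntrack,` template parameter has no default here, so the 'false' default from the commit message presumably lives in the calling class, outside this path-limited patch; it is worth confirming that every caller of the template passes it.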