<%- | Optional[Ferm::Policies] $policy, Boolean $disable_conntrack, Boolean $drop_invalid_packets_with_conntrack, | -%> # THIS FILE IS MANAGED BY PUPPET <%- if $policy { -%> # Default policy for this chain policy <%= $policy %>; <%- } -%> <% unless $disable_conntrack { -%> # connection tracking mod conntrack ctstate (ESTABLISHED RELATED) ACCEPT; <% if $drop_invalid_packets_with_conntrack { -%> mod conntrack ctstate INVALID DROP; <% } -%> <% } -%>