<%- | Optional[Ferm::Policies] $policy, Boolean $disable_conntrack, | -%> # THIS FILE IS MANAGED BY PUPPET <%- if $policy { -%> # Default policy for this chain policy <%= $policy %>; <%- } -%> <% unless $disable_conntrack { -%> # connection tracking mod conntrack ctstate (ESTABLISHED RELATED) ACCEPT; mod conntrack ctstate INVALID DROP; <% } -%>