<%- | Ferm::Policies $policy, Boolean $disable_conntrack, | -%> # THIS FILE IS MANAGED BY PUPPET # Default policy for this chain policy <%= $policy %>; <% unless $disable_conntrack { -%> # connection tracking mod state state INVALID DROP; mod state state (ESTABLISHED RELATED) ACCEPT; <% } -%>