templates/ferm.conf.epp


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

<%- | String[1] $ip,
Stdlib::Absolutepath $configdirectory,
Hash[String[1], Array[String[1]]] $preserve_chains_in_tables,
| -%>
# End custom section

<%- $preserve_chains_in_tables.each |$table, $chains| { -%>
domain (<%= $ip %>) table <%= $table %> {
  <%- $chains.each |$chain| { -%>
  chain <%= $chain %> @preserve;
  <%- } -%>
}
<%- } -%>

domain (<%= $ip %>) table filter {
  chain INPUT {
    interface lo ACCEPT;
    @include '<%= $configdirectory %>/chains/INPUT.conf';
  }

  chain OUTPUT {
    @include '<%= $configdirectory %>/chains/OUTPUT.conf';
  }

  chain FORWARD {
    @include '<%= $configdirectory %>/chains/FORWARD.conf';
  }
}