blob: 3c92e7a402a86d7f77e5d0d77d111edf777c6d0a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
<%- | Optional[Ferm::Policies] $policy,
Boolean $disable_conntrack,
Boolean $drop_invalid_packets_with_conntrack,
| -%>
# THIS FILE IS MANAGED BY PUPPET
<%- if $policy { -%>
# Default policy for this chain
policy <%= $policy %>;
<%- } -%>
<% unless $disable_conntrack { -%>
# connection tracking
mod conntrack ctstate (ESTABLISHED RELATED) ACCEPT;
<% if $drop_invalid_packets_with_conntrack { -%>
mod conntrack ctstate INVALID DROP;
<% } -%>
<% } -%>
|
