Revision ea96d5db
Move ct rules from global to INPUT and OUTPUT
manifests/init.pp | ||
---|---|---|
38 | 38 |
# drop), otherwise the packet will be rejected with the REJECT_WITH |
39 | 39 |
# policy indicated by the value of this parameter. |
40 | 40 |
# |
41 |
# @param in_out_conntrack |
|
42 |
# Adds INPUT and OUTPUT rules to allow traffic that's part of an |
|
43 |
# established connection and also to drop invalid packets. |
|
44 |
# |
|
41 | 45 |
class nftables ( |
42 | 46 |
Boolean $in_ssh = true, |
43 | 47 |
Boolean $out_ntp = true, |
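Review bot: The `@param in_out_conntrack` comment (new lines 41-44) does not say what a host is left with when the parameter is set to false. Because the description covers both accepting established-connection traffic and dropping invalid packets on INPUT and OUTPUT, it should state that disabling the parameter removes both, and that return traffic for the allowed services may then need explicit rules from the user. Since the commit message says the rules move out of global, the comment could also say whether any chain other than INPUT and OUTPUT still gets a conntrack rule.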
... | ... | |
45 | 49 |
Boolean $out_http = true, |
46 | 50 |
Boolean $out_https = true, |
47 | 51 |
Boolean $out_all = false, |
52 |
Boolean $in_out_conntrack = true, |
|
48 | 53 |
Hash $rules = {}, |
49 | 54 |
String $log_prefix = '[nftables] %<chain>s %<comment>s', |
50 | 55 |
Variant[Boolean[false], Pattern[ |
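Review bot: `Boolean $in_out_conntrack = true,` puts two different behaviours behind one switch, going by its doc comment: the established-connection accept and the invalid-packet drop. A user who wants to write their own accept rule but keep invalid packets dropped cannot express that with a single Boolean, so consider separate parameters or document the coupling explicitly. The default of true keeps the stateful rules on, which is the safe default; a spec case for `in_out_conntrack => false` would confirm that INPUT and OUTPUT render without them, if one is not already part of this revision.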