Puppet Class: nftables::inet_filter::in_out_conntrack
Defined in: manifests/inet_filter/in_out_conntrack.pp
Summary
Manage input and output conntrack rules.
Overview
# File 'manifests/inet_filter/in_out_conntrack.pp', line 2
class nftables::inet_filter::in_out_conntrack {
  # Declares the connection-tracking rules for the INPUT and OUTPUT rule sets.
  # The title prefix (INPUT-/OUTPUT-) presumably selects the target chain and
  # 'order' presumably positions the rule within it; confirm both against the
  # nftables::rule defined type.

  # Accept packets that conntrack classifies as part of an existing flow.
  # 'related' also matches packets conntrack associates with an existing flow
  # (for example ICMP errors and helper expectations), so what it admits
  # depends on which conntrack helpers are active on the host.
  nftables::rule { 'INPUT-accept_established_related':
    order   => '05',
    content => 'ct state established,related accept',
  }

  nftables::rule { 'OUTPUT-accept_established_related':
    order   => '05',
    content => 'ct state established,related accept',
  }

  # Dropping invalid-state packets is optional and controlled by
  # $nftables::in_out_drop_invalid. When that flag is false no drop rule is
  # declared here, so invalid-state packets are left to the remaining rules.
  if $nftables::in_out_drop_invalid {
    nftables::rule { 'INPUT-drop_invalid':
      order   => '06',
      content => 'ct state invalid drop',
    }

    nftables::rule { 'OUTPUT-drop_invalid':
      order   => '06',
      content => 'ct state invalid drop',
    }
  }
}