projects / mirror / dsa-puppet.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Switch FTP conntrack to explicit CT target
[mirror/dsa-puppet.git] / modules / ferm / manifests / ftp_conntrack.pp
1 class ferm::ftp_conntrack {
2
3         # Allow non-passive connections to an FTP server
4         @ferm::rule { 'dsa-ftp-conntrack-client':
5                 domain      => '(ip ip6)',
6                 description => 'ftp client connection tracking',
7                 table       => 'raw',
8                 chain       => 'OUTPUT',
9                 rule        => 'proto tcp dport 21 CT helper ftp'
10         }
11
12         # Allow passive connections from an FTP client
13         @ferm::rule { 'dsa-ftp-conntrack-server':
14                 domain      => '(ip ip6)',
15                 description => 'ftp server connection tracking',
16                 table       => 'raw',
17                 chain       => 'PREROUTING',
18                 rule        => 'proto tcp dport 21 CT helper ftp'
19         }
20 }
Unnamed repository; edit this file 'description' to name the repository.