class ferm::ftp_conntrack {
- # This also works for jessie hosts, but requires a reboot
- if (versioncmp($::lsbmajdistrelease, '9') >= 0) {
- # Allow non-passive connections to an FTP server
- ferm::rule { 'dsa-ftp-conntrack-client':
- domain => '(ip ip6)',
- description => 'ftp client connection tracking',
- table => 'raw',
- chain => 'OUTPUT',
- rule => 'proto tcp dport 21 CT helper ftp'
- }
+ # Allow non-passive connections to an FTP server
+ ferm::rule { 'dsa-ftp-conntrack-client':
+ domain => '(ip ip6)',
+ description => 'ftp client connection tracking',
+ table => 'raw',
+ chain => 'OUTPUT',
+ rule => 'proto tcp dport 21 CT helper ftp'
+ }
- # Allow passive connections from an FTP client
- ferm::rule { 'dsa-ftp-conntrack-server':
- domain => '(ip ip6)',
- description => 'ftp server connection tracking',
- table => 'raw',
- chain => 'PREROUTING',
- rule => 'proto tcp dport 21 CT helper ftp'
- }
- } else {
- ferm::module { 'nf_conntrack_ftp': }
+ # Allow passive connections from an FTP client
+ ferm::rule { 'dsa-ftp-conntrack-server':
+ domain => '(ip ip6)',
+ description => 'ftp server connection tracking',
+ table => 'raw',
+ chain => 'PREROUTING',
+ rule => 'proto tcp dport 21 CT helper ftp'
}
}
projects / mirror / dsa-puppet.git / commitdiff