# L O G G I N G
###############################################################################
+<% if node[:networking][:firewall][:log] -%>
LOG_LEVEL="info"
+<% else -%>
+LOG_LEVEL="none"
+<% end -%>
BLACKLIST_LOG_LEVEL=
# D E F A U L T A C T I O N S / M A C R O S
###############################################################################
-<%- if node[:lsb][:release].to_f <= 16.04 %>
-ACCEPT_DEFAULT="none"
-DROP_DEFAULT="Drop"
-NFQUEUE_DEFAULT="none"
-QUEUE_DEFAULT="none"
-REJECT_DEFAULT="Reject"
-<%- else %>
ACCEPT_DEFAULT="none"
BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
NFQUEUE_DEFAULT="none"
QUEUE_DEFAULT="none"
REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"
-<%- end %>
###############################################################################
# R S H / R C P C O M M A N D S
AUTOHELPERS=Yes
-<%- if node[:lsb][:release].to_f <= 16.04 %>
-AUTOMAKE=No
-<%- else %>
AUTOMAKE=Yes
-<%- end %>
BALANCE_PROVIDERS=No
BASIC_FILTERS=No
+<% if node[:networking][:firewall][:raw] -%>
BLACKLIST="NEW,INVALID,UNTRACKED"
+<% else -%>
+BLACKLIST="NEW,INVALID"
+<% end -%>
CLAMPMSS=No
DISABLE_IPV6=No
-DOCKER=No
+DOCKER=Yes
DONT_LOAD=
MARK_IN_FORWARD_CHAIN=No
MINIUPNPD=No
-<%- if node[:lsb][:release].to_f <= 16.04 %>
-
-MODULE_SUFFIX=ko
-<%- end %>
MULTICAST=No
NULL_ROUTE_RFC1918=No
-<%- if node[:lsb][:release].to_f <= 14.04 %>
-OPTIMIZE=1
-<%- else %>
OPTIMIZE=All
-<%- end %>
OPTIMIZE_ACCOUNTING=No
SAVE_IPSETS=No
+<% if node[:networking][:firewall][:mangle] -%>
TC_ENABLED=Internal
+<% else -%>
+TC_ENABLED=No
+<% end -%>
TC_EXPERT=No
TRACK_RULES=No
USE_DEFAULT_RT=No
-<%- if node[:lsb][:release].to_f >= 18.04 %>
USE_NFLOG_SIZE=No
-<%- end %>
USE_PHYSICAL_NAMES=No
projects / chef.git / blobdiff