]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/networking/templates/default/shorewall6.conf.erb
projects / chef.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Disable unsupported firewall features on boitata
[chef.git] / cookbooks / networking / templates / default / shorewall6.conf.erb
diff --git a/cookbooks/networking/templates/default/shorewall6.conf.erb b/cookbooks/networking/templates/default/shorewall6.conf.erb
index c6c1104c7fe58e8496a65b49a5423028e01688c3..a98408e0bcd82b1310ebdb75c2d6fa95af1f85a6 100644 (file)
--- a/cookbooks/networking/templates/default/shorewall6.conf.erb
+++ b/cookbooks/networking/templates/default/shorewall6.conf.erb
@@ -28,7 +28,11 @@ FIREWALL=
 #                             L O G G I N G
 ###############################################################################
 
+<% if node[:networking][:firewall][:log] -%>
 LOG_LEVEL="info"
+<% else -%>
+LOG_LEVEL="none"
+<% end -%>
 
 BLACKLIST_LOG_LEVEL=
 
@@ -134,7 +138,11 @@ BALANCE_PROVIDERS=No
 
 BASIC_FILTERS=No
 
+<% if node[:networking][:firewall][:raw] -%>
 BLACKLIST="NEW,INVALID,UNTRACKED"
+<% else -%>
+BLACKLIST="NEW,INVALID"
+<% end -%>
 
 CLAMPMSS=No
 
@@ -156,7 +164,11 @@ EXPORTMODULES=Yes
 
 FASTACCEPT=No
 
+<% if node[:networking][:firewall][:mark] -%>
 FORWARD_CLEAR_MARK=Yes
+<% else -%>
+FORWARD_CLEAR_MARK=No
+<% end -%>
 
 HELPERS=
 
@@ -204,7 +216,11 @@ RESTORE_ROUTEMARKS=Yes
 
 SAVE_IPSETS=No
 
+<% if node[:networking][:firewall][:mangle] -%>
 TC_ENABLED=Shared
+<% else -%>
+TC_ENABLED=No
+<% end -%>
 
 TC_EXPERT=No
 
Chef configuration management public repo for configuring & maintaining the OpenStreetMap servers.