+'
+ }
+ }
+ czerny: {
+ @ferm::rule { 'dsa-routing':
+ description => 'forward chain',
+ chain => 'FORWARD',
+ rule => 'def $ADDRESS_FILS=82.195.75.89;
+def $FREEBSD_HOSTS=($ADDRESS_FILS);
+
+policy ACCEPT;
+mod state state (ESTABLISHED RELATED) ACCEPT;
+interface br0 outerface br0 ACCEPT;
+interface br1 outerface br1 ACCEPT;
+
+interface br2 outerface br0 jump from-kfreebsd;
+interface br0 destination ($FREEBSD_HOSTS) jump to-kfreebsd;
+ULOG ulog-prefix "REJECT FORWARD: ";
+REJECT reject-with icmp-admin-prohibited