add masquerade rules for casulana virtual machines

[mirror/dsa-puppet.git] / modules / ferm / manifests / per_host.pp

diff --git a/modules/ferm/manifests/per_host.pp b/modules/ferm/manifests/per_host.pp
index d1d7b24..2afa570 100644 (file)
--- a/modules/ferm/manifests/per_host.pp
+++ b/modules/ferm/manifests/per_host.pp
@@ -9,11 +9,11 @@ class ferm::per_host {
 
        case $::hostname {
                casulana: {
-                       @ferm::rule { 'cloud-builds':
-                               description     => 'cloud-builds access',
-                               table           => 'filter',
-                               chain           => 'INPUT',
-                               rule            => 'interface br0 ALLOW'
+                       @ferm::rule { 'dsa-cloud-builds-nat':
+                               description     => 'masquerade br1 virtual machines',
+                               table           => 'nat',
+                               chain           => 'POSTROUTING',
+                               rule            => 'saddr 172.16.1.0/24 outerface bond0.21 MASQUERADE'
                        }
                }
                czerny,clementi: {