No more conntrackd in bm, so drop firewall opening

[mirror/dsa-puppet.git] / modules / ferm / manifests / per_host.pp

diff --git a/modules/ferm/manifests/per_host.pp b/modules/ferm/manifests/per_host.pp
index e8d445a..e527d3c 100644 (file)
--- a/modules/ferm/manifests/per_host.pp
+++ b/modules/ferm/manifests/per_host.pp
@@ -98,9 +98,6 @@ class ferm::per_host {
                        @ferm::rule { 'dsa-vrrp':
                                rule            => 'proto vrrp daddr 224.0.0.18 jump ACCEPT',
                        }
-                       @ferm::rule { 'dsa-conntrackd':
-                               rule            => 'interface vlan2 daddr 225.0.0.50 jump ACCEPT',
-                       }
                        @ferm::rule { 'dsa-bind-notrack-in':
                                domain      => 'ip',
                                description => 'NOTRACK for nameserver traffic',