From: Peter Palfrader <peter@palfrader.org>
Date: Sun, 20 May 2012 16:44:10 +0000 (+0200)
Subject: Add falla
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;ds=inline;h=fac17147967cf162d1e2816273b491fd2bd85f14;p=mirror%2Fdsa-puppet.git

Add falla
---

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index d3a8a29aa..d6fbb0a1d 100644
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -173,7 +173,8 @@ REJECT reject-with icmp-admin-prohibited
 				rule            => 'def $ADDRESS_FANO=206.12.19.110;
 def $ADDRESS_FINZI=206.12.19.111;
 def $ADDRESS_FISCHER=206.12.19.112;
-def $FREEBSD_HOSTS=($ADDRESS_FANO $ADDRESS_FINZI $ADDRESS_FISCHER);
+def $ADDRESS_FALLA=206.12.19.117;
+def $FREEBSD_HOSTS=($ADDRESS_FANO $ADDRESS_FINZI $ADDRESS_FISCHER $ADDRESS_FALLA);
 
 policy ACCEPT;
 mod state state (ESTABLISHED RELATED) ACCEPT;
@@ -181,7 +182,7 @@ interface br0 outerface br0 ACCEPT;
 interface br1 outerface br1 ACCEPT;
 
 interface br2 outerface br0 jump from-kfreebsd;
-interface br0 destination ($ADDRESS_FISCHER) proto tcp dport 22 ACCEPT;
+interface br0 destination ($ADDRESS_FISCHER $ADDRESS_FALLA) proto tcp dport 22 ACCEPT;
 interface br0 destination ($FREEBSD_HOSTS) jump to-kfreebsd;
 ULOG ulog-prefix "REJECT FORWARD: ";
 REJECT reject-with icmp-admin-prohibited