From: Tollef Fog Heen <tfheen@err.no>
Date: Fri, 2 Feb 2018 10:54:23 +0000 (+0100)
Subject: No more conntrackd in bm, so drop firewall opening
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=4089b81114c9ce7bd885194cb47204015c182a94;p=mirror%2Fdsa-puppet.git

No more conntrackd in bm, so drop firewall opening
---

diff --git a/modules/ferm/manifests/per_host.pp b/modules/ferm/manifests/per_host.pp
index e8d445a5d..e527d3c97 100644
--- a/modules/ferm/manifests/per_host.pp
+++ b/modules/ferm/manifests/per_host.pp
@@ -98,9 +98,6 @@ class ferm::per_host {
 			@ferm::rule { 'dsa-vrrp':
 				rule            => 'proto vrrp daddr 224.0.0.18 jump ACCEPT',
 			}
-			@ferm::rule { 'dsa-conntrackd':
-				rule            => 'interface vlan2 daddr 225.0.0.50 jump ACCEPT',
-			}
 			@ferm::rule { 'dsa-bind-notrack-in':
 				domain      => 'ip',
 				description => 'NOTRACK for nameserver traffic',