From: Peter Palfrader <peter@palfrader.org>
Date: Wed, 22 May 2013 16:32:16 +0000 (+0200)
Subject: no more freebsd routing on luchesi
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=5a1694ca85e737ad04b6eab6fb2dbb72fd0349a6;p=mirror%2Fdsa-puppet.git

no more freebsd routing on luchesi
---

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 1df7bdb10..b1e858e67 100644
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -212,7 +212,7 @@ REJECT reject-with icmp-admin-prohibited
 		default: {}
 	}
 
-	if $::hostname in [rautavaara,luchesi] {
+	if $::hostname in [rautavaara] {
 		@ferm::rule { 'dsa-to-kfreebsd':
 			description     => 'Traffic routed to kfreebsd hosts',
 			chain           => 'to-kfreebsd',
@@ -252,29 +252,6 @@ interface vlan11 outerface eth0 jump from-kfreebsd;
 interface eth0 destination ($FREEBSD_HOSTS) jump to-kfreebsd;
 ULOG ulog-prefix "REJECT FORWARD: ";
 REJECT reject-with icmp-admin-prohibited
-'
-			}
-		}
-		luchesi: {
-			@ferm::rule { 'dsa-routing':
-				description     => 'forward chain',
-				chain           => 'FORWARD',
-				rule            => 'def $ADDRESS_FANO=206.12.19.110;
-def $ADDRESS_FINZI=206.12.19.111;
-def $ADDRESS_FISCHER=206.12.19.112;
-def $ADDRESS_FALLA=206.12.19.117;
-def $FREEBSD_HOSTS=($ADDRESS_FANO $ADDRESS_FINZI $ADDRESS_FISCHER $ADDRESS_FALLA);
-
-policy ACCEPT;
-mod state state (ESTABLISHED RELATED) ACCEPT;
-interface br0 outerface br0 ACCEPT;
-interface br1 outerface br1 ACCEPT;
-
-interface br2 outerface br0 jump from-kfreebsd;
-interface br0 destination ($ADDRESS_FISCHER $ADDRESS_FALLA) proto tcp dport 22 ACCEPT;
-interface br0 destination ($FREEBSD_HOSTS) jump to-kfreebsd;
-ULOG ulog-prefix "REJECT FORWARD: ";
-REJECT reject-with icmp-admin-prohibited
 '
 			}
 		}