From: Martin Zobel-Helas <zobel@debian.org>
Date: Fri, 12 Apr 2013 14:45:10 +0000 (+0200)
Subject: allow conntrackd on vlan2
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=8f07d41aa9a11a6119b98c0217d844bd08143bd2;p=mirror%2Fdsa-puppet.git

allow conntrackd on vlan2
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
---

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 953ea6504..051fab727 100644
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -301,6 +301,9 @@ REJECT reject-with icmp-admin-prohibited
 			@ferm::rule { 'dsa-vrrp':
 				rule            => 'proto vrrp daddr 224.0.0.18 jump ACCEPT',
 			}
+			@ferm::rule { 'dsa-conntrackd':
+				rule            => 'interface vlan2 daddr 225.0.0.50 jump ACCEPT',
+			}
 		}
 		default: {}
 	}