From: Peter Palfrader <peter@palfrader.org>
Date: Sat, 19 May 2012 20:24:00 +0000 (+0200)
Subject: fw forwarding updates for fischer
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=d78b033d293712ffbfc499e5659449572aa3fb81;p=mirror%2Fdsa-puppet.git

fw forwarding updates for fischer
---

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 169ae7d8a..93ac18f18 100644
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -172,7 +172,8 @@ REJECT reject-with icmp-admin-prohibited
 				chain           => 'FORWARD',
 				rule            => 'def $ADDRESS_FANO=206.12.19.110;
 def $ADDRESS_FINZI=206.12.19.111;
-def $FREEBSD_HOSTS=($ADDRESS_FANO $ADDRESS_FINZI);
+def $ADDRESS_FISCHER=206.12.19.112;
+def $FREEBSD_HOSTS=($ADDRESS_FANO $ADDRESS_FINZI $ADDRESS_FISCHER);
 
 policy ACCEPT;
 mod state state (ESTABLISHED RELATED) ACCEPT;
@@ -180,6 +181,7 @@ interface br0 outerface br0 ACCEPT;
 interface br1 outerface br1 ACCEPT;
 
 interface br2 outerface br0 jump from-kfreebsd;
+interface br0 destination ($ADDRESS_FISCHER) proto tcp dport 22 ACCESS;
 interface br0 destination ($FREEBSD_HOSTS) jump to-kfreebsd;
 ULOG ulog-prefix "REJECT FORWARD: ";
 REJECT reject-with icmp-admin-prohibited