From 8f07d41aa9a11a6119b98c0217d844bd08143bd2 Mon Sep 17 00:00:00 2001
From: Martin Zobel-Helas <zobel@debian.org>
Date: Fri, 12 Apr 2013 16:45:10 +0200
Subject: [PATCH] allow conntrackd on vlan2 Signed-off-by: Martin Zobel-Helas
 <zobel@debian.org>

---
 modules/ferm/manifests/per-host.pp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 953ea6504..051fab727 100644
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -301,6 +301,9 @@ REJECT reject-with icmp-admin-prohibited
 			@ferm::rule { 'dsa-vrrp':
 				rule            => 'proto vrrp daddr 224.0.0.18 jump ACCEPT',
 			}
+			@ferm::rule { 'dsa-conntrackd':
+				rule            => 'interface vlan2 daddr 225.0.0.50 jump ACCEPT',
+			}
 		}
 		default: {}
 	}
-- 
2.20.1