No more conntrackd in bm, so drop firewall opening

author Tollef Fog Heen <tfheen@err.no>

Fri, 2 Feb 2018 10:54:23 +0000 (11:54 +0100)

committer Tollef Fog Heen <tfheen@err.no>

Fri, 2 Feb 2018 10:56:16 +0000 (11:56 +0100)
author Tollef Fog Heen <tfheen@err.no>
Fri, 2 Feb 2018 10:54:23 +0000 (11:54 +0100)
committer Tollef Fog Heen <tfheen@err.no>
Fri, 2 Feb 2018 10:56:16 +0000 (11:56 +0100)
diff --git a/modules/ferm/manifests/per_host.pp b/modules/ferm/manifests/per_host.pp

index e8d445a..e527d3c 100644 (file)
--- a/modules/ferm/manifests/per_host.pp
+++ b/modules/ferm/manifests/per_host.pp
@@ -98,9 +98,6 @@ class ferm::per_host {
                         @ferm::rule { 'dsa-vrrp':
                                 rule            => 'proto vrrp daddr 224.0.0.18 jump ACCEPT',
                         }
-                       @ferm::rule { 'dsa-conntrackd':
-                               rule            => 'interface vlan2 daddr 225.0.0.50 jump ACCEPT',
-                       }
                         @ferm::rule { 'dsa-bind-notrack-in':
                                 domain      => 'ip',
                                 description => 'NOTRACK for nameserver traffic',
author	Tollef Fog Heen <tfheen@err.no>
	Fri, 2 Feb 2018 10:54:23 +0000 (11:54 +0100)
committer	Tollef Fog Heen <tfheen@err.no>
	Fri, 2 Feb 2018 10:56:16 +0000 (11:56 +0100)