]> git.donarmstrong.com Git - dsa-puppet.git/blobdiff - modules/ferm/manifests/per-host.pp
projects / dsa-puppet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Allow all from vlan20
[dsa-puppet.git] / modules / ferm / manifests / per-host.pp
diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 953ea65043f664ec404dd0c34c4912ce77228bfe..575050f8c91def8e82331e5b18042469fa7085cb 100644 (file)
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -297,10 +297,21 @@ REJECT reject-with icmp-admin-prohibited
                default: {}
        }
        case $::hostname {
-               bm-bl1,bm-bl9: {
+               bm-bl1,bm-bl2: {
                        @ferm::rule { 'dsa-vrrp':
                                rule            => 'proto vrrp daddr 224.0.0.18 jump ACCEPT',
                        }
+                       @ferm::rule { 'dsa-conntrackd':
+                               rule            => 'interface vlan2 daddr 225.0.0.50 jump ACCEPT',
+                       }
+               }
+               default: {}
+       }
+       case $::hostname {
+               bm-bl1,bm-bl2,bm-bl3,bm-bl4,bm-bl5,bm-bl6,bm-bl7,bm-bl8,bm-bl9,bm-bl10,bm-bl11,bm-bl12,bm-bl13,bm-bl14: {
+                       @ferm::rule { 'dsa-hwnet-vlan20':
+                               rule            => 'interface vlan20 jump ACCEPT',
+                       }
                }
                default: {}
        }
Unnamed repository; edit this file 'description' to name the repository.