Allow all from vlan20

[dsa-puppet.git] / modules / ferm / manifests / per-host.pp

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index bb40a0a1633405123edae4379a1ddf8cffd6a493..575050f8c91def8e82331e5b18042469fa7085cb 100644 (file)
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -307,4 +307,12 @@ REJECT reject-with icmp-admin-prohibited
                }
                default: {}
        }
+       case $::hostname {
+               bm-bl1,bm-bl2,bm-bl3,bm-bl4,bm-bl5,bm-bl6,bm-bl7,bm-bl8,bm-bl9,bm-bl10,bm-bl11,bm-bl12,bm-bl13,bm-bl14: {
+                       @ferm::rule { 'dsa-hwnet-vlan20':
+                               rule            => 'interface vlan20 jump ACCEPT',
+                       }
+               }
+               default: {}
+       }
 }