From d78b033d293712ffbfc499e5659449572aa3fb81 Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Sat, 19 May 2012 22:24:00 +0200 Subject: [PATCH] fw forwarding updates for fischer --- modules/ferm/manifests/per-host.pp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp index 169ae7d8..93ac18f1 100644 --- a/modules/ferm/manifests/per-host.pp +++ b/modules/ferm/manifests/per-host.pp @@ -172,7 +172,8 @@ REJECT reject-with icmp-admin-prohibited chain => 'FORWARD', rule => 'def $ADDRESS_FANO=206.12.19.110; def $ADDRESS_FINZI=206.12.19.111; -def $FREEBSD_HOSTS=($ADDRESS_FANO $ADDRESS_FINZI); +def $ADDRESS_FISCHER=206.12.19.112; +def $FREEBSD_HOSTS=($ADDRESS_FANO $ADDRESS_FINZI $ADDRESS_FISCHER); policy ACCEPT; mod state state (ESTABLISHED RELATED) ACCEPT; @@ -180,6 +181,7 @@ interface br0 outerface br0 ACCEPT; interface br1 outerface br1 ACCEPT; interface br2 outerface br0 jump from-kfreebsd; +interface br0 destination ($ADDRESS_FISCHER) proto tcp dport 22 ACCESS; interface br0 destination ($FREEBSD_HOSTS) jump to-kfreebsd; ULOG ulog-prefix "REJECT FORWARD: "; REJECT reject-with icmp-admin-prohibited -- 2.39.2
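Review bot: In the second hunk the added rule ends in `ACCESS`, which is not a ferm target and looks like a typo for `ACCEPT`; as written ferm should refuse to parse the rule string, so the generated config would fail to load instead of opening the port. The line would read `interface br0 destination ($ADDRESS_FISCHER) proto tcp dport 22 ACCEPT;`. Once corrected, it accepts SSH to fischer from any source arriving on br0 and, because it sits before `jump to-kfreebsd`, it is matched ahead of whatever that chain enforces (the chain is not visible here); if that is intended, a short comment saying so, or a `saddr` restriction, would make the exception explicit. The `rule => '…'` string starts in the first hunk and closes outside the diff.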