From 5dcff45f98ffededfbdf3f87a6228c0f916dfe2e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Schneider?= <jschneider@entrouvert.com>
Date: Wed, 7 Jan 2015 15:15:55 +0100
Subject: [PATCH] ferm: don't filter input by interface but only by ip

This allows VMs to talk to the host (Closes #6251)
---
 ferm/ferm.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ferm/ferm.conf b/ferm/ferm.conf
index 8a961d4..2ab12ae 100644
--- a/ferm/ferm.conf
+++ b/ferm/ferm.conf
@@ -65,7 +65,7 @@ table filter {
         proto icmp icmp-type echo-request ACCEPT;
 
         # local services
-        interface $DEV_WAN daddr $IP_WAN mod state state NEW {
+        daddr $IP_WAN mod state state NEW {
             # DNS requests
             @if $DNS_ON_WAN proto (udp tcp) dport 53
                 mod comment comment "DNS on WAN"