From 08ca54945c72b32e2727f74f1bbc26a70ecfbbdb Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Tue, 18 Aug 2015 03:47:44 +0000 Subject: [PATCH] Copy prod fedmsg iptables loop to staging. --- roles/base/templates/iptables/iptables.staging | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/base/templates/iptables/iptables.staging b/roles/base/templates/iptables/iptables.staging index 5fc0cfa4cf..fbd082e4ff 100644 --- a/roles/base/templates/iptables/iptables.staging +++ b/roles/base/templates/iptables/iptables.staging @@ -36,6 +36,12 @@ COMMIT -A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT +# if the host declares a fedmsg-enabled wsgi app, open ports for it +{% if wsgi_fedmsg_service is defined %} +{% for i in range(wsgi_procs * wsgi_threads) %} +-A INPUT -p tcp -m tcp --dport 30{{ '%02d' % i }} -j ACCEPT +{% endfor %} +{% endif %} # if the host/group defines incoming tcp_ports - allow them {% for port in tcp_ports %}