From 0e2410d160762dfe0a61b95841f97a25423bdba6 Mon Sep 17 00:00:00 2001
From: Ralph Bean
Date: Wed, 10 Sep 2014 16:36:05 +0000
Subject: [PATCH] Adjust firewall rules for anitya-frontend. It is a special case since its on the vpn.
---
 inventory/group_vars/anitya-frontend | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/inventory/group_vars/anitya-frontend b/inventory/group_vars/anitya-frontend
index 81e75e95b4..85d626285d 100644
--- a/inventory/group_vars/anitya-frontend
+++ b/inventory/group_vars/anitya-frontend
@@ -7,10 +7,12 @@ num_cpus: 2
 # for systems that do not match the above - specify the same parameter in
 # the host_vars/$hostname file
-tcp_ports: [ 80, 443,
- # These 16 ports are used by fedmsg. One for each wsgi thread.
- 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007,
- 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015]
+# Note that, usually there are 16-32 ports listed here so that fedmsg can bind
+# to each of them (one for each wsgi thread). We're not doing that here because
+# the anitya frontend is sitting on the vpn. We could, but we'd like to reduce
+# vpn traffic. Instead, we configure the anitya app to connect directly to the
+# fedmsg-relay sitting on busgateway01.vpn.fp.o and send its messages there.
+tcp_ports: [ 80, 443 ]
 # Neeed for rsync from log01 for logs.
 custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
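Review bot: The new comment above `tcp_ports: [ 80, 443 ]` says the anitya app now sends to the fedmsg-relay, but nothing in this hunk shows that app-side change. If the app's fedmsg configuration still binds the 3000-3015 endpoints, subscribers could presumably no longer reach them once the firewall closes those ports, and messages would be lost without any error. I would have the comment point at where the relay is configured, e.g. `# The relay endpoint is set in <path to anitya's fedmsg config>.`, and confirm that change is deployed together with this one. It would also help to write the relay host out in full rather than as `busgateway01.vpn.fp.o`, so a search for the real hostname finds this firewall exception.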