From 12af7acc4bc6f7d43ab71cbce39a2c99982ee243 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Wed, 20 Jan 2016 23:39:20 +0000
Subject: [PATCH] Add custom sigul rule to bodhi backends to prevent iptables messing with long running connections
---
 inventory/group_vars/bodhi-backend | 3 +++
 inventory/group_vars/bodhi-backend-stg | 4 ++++
 2 files changed, 7 insertions(+)
diff --git a/inventory/group_vars/bodhi-backend b/inventory/group_vars/bodhi-backend
index 55ac1e8791..713a3d084c 100644
--- a/inventory/group_vars/bodhi-backend
+++ b/inventory/group_vars/bodhi-backend
@@ -29,6 +29,9 @@ tcp_ports: [
 3010, 3011, 3012, 3013, 3014, 3015, 3016, 3017, 3018, 3019, ]
+# Make connections from signing bridges stateless, they break sigul connections
+# https://bugzilla.redhat.com/show_bug.cgi?id=1283364
+custom_rules: ['-A INPUT --proto tcp --sport 44334 --source sign-bridge01.phx2.fedoraproject.org -j ACCEPT']
 # With 16 cpus, theres a bunch more kernel threads
 nrpe_procs_warn: 900
diff --git a/inventory/group_vars/bodhi-backend-stg b/inventory/group_vars/bodhi-backend-stg
index 570de8d782..cf44abe727 100644
--- a/inventory/group_vars/bodhi-backend-stg
+++ b/inventory/group_vars/bodhi-backend-stg
@@ -29,6 +29,10 @@ tcp_ports: [
 3015, 3016, 3017, 3018, 3019, ]
+# Make connections from signing bridges stateless, they break sigul connections
+# https://bugzilla.redhat.com/show_bug.cgi?id=1283364
+custom_rules: ['-A INPUT --proto tcp --sport 44334 --source sign-bridge01.phx2.fedoraproject.org -j ACCEPT']
+
 # With 16 cpus, theres a bunch more kernel threads
 nrpe_procs_warn: 900
 nrpe_procs_crit: 1000
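Review bot: The `custom_rules` entry added to inventory/group_vars/bodhi-backend (and the identical one in bodhi-backend-stg) matches only on source host and source port 44334, so it admits SYNs to every local port and lets the bridge host open new connections to any listening service, not just return traffic for existing sigul sessions. If the aim is only to keep long-lived outbound sessions alive after their conntrack entry expires, limiting the rule to non-SYN packets keeps that effect: `-A INPUT --proto tcp ! --syn --sport 44334 --source <bridge address> -j ACCEPT`. The `--source` value is a hostname, which iptables resolves once at load time; a literal address removes the DNS dependency and the risk of a failed ruleset load at firewall start. How `custom_rules` is rendered, and where it lands relative to the state-tracking rules, is not visible in this patch and should be confirmed.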
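Review bot: The staging group in inventory/group_vars/bodhi-backend-stg allows `sign-bridge01.phx2.fedoraproject.org`, the same host named in the production group_vars, so staging backends would accept this traffic from what appears to be the production signing bridge. If staging has its own bridge, the entry should name that host so the two environments do not share a firewall exception. If staging really does sign through the production bridge, a comment saying so above `custom_rules` would show that the hostname is intentional rather than copied.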