Open access to db-fas01.stg from the stg subnet

See: https://pagure.io/fedora-infrastructure/issue/9304 Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-09-07 18:24:36 +02:00 · 2020-09-07 18:24:36 +02:00 · 1ee95304e1
commit 1ee95304e1
parent 6346188476
1 changed files with 9 additions and 7 deletions
--- a/inventory/host_vars/db-fas01.stg.iad2.fedoraproject.org
+++ b/inventory/host_vars/db-fas01.stg.iad2.fedoraproject.org
@ -29,13 +29,15 @@ fas_client_groups: sysadmin-dba,sysadmin-noc,sysadmin-veteran
 # fas3-01.stg and openshift
 #
 custom_rules:
- '-A INPUT -p tcp -m tcp -s 10.5.128.129 --dport 5432 -j ACCEPT'
- '-A INPUT -p tcp -m tcp -s 10.5.128.137 --dport 5432 -j ACCEPT'
- '-A INPUT -p tcp -m tcp -s 10.5.128.82 --dport 5432 -j ACCEPT'
- '-A INPUT -p tcp -m tcp -s 10.5.128.104 --dport 5432 -j ACCEPT'
- '-A INPUT -p tcp -m tcp -s 10.5.128.105 --dport 5432 -j ACCEPT'
- '-A INPUT -p tcp -m tcp -s 10.5.128.106 --dport 5432 -j ACCEPT'
- '-A INPUT -p tcp -m tcp -s 10.5.128.107 --dport 5432 -j ACCEPT'
+# - '-A INPUT -p tcp -m tcp -s 10.5.128.129 --dport 5432 -j ACCEPT'
+# - '-A INPUT -p tcp -m tcp -s 10.5.128.137 --dport 5432 -j ACCEPT'
+# - '-A INPUT -p tcp -m tcp -s 10.5.128.82 --dport 5432 -j ACCEPT'
+# - '-A INPUT -p tcp -m tcp -s 10.5.128.104 --dport 5432 -j ACCEPT'
+# - '-A INPUT -p tcp -m tcp -s 10.5.128.105 --dport 5432 -j ACCEPT'
+# - '-A INPUT -p tcp -m tcp -s 10.5.128.106 --dport 5432 -j ACCEPT'
+# - '-A INPUT -p tcp -m tcp -s 10.5.128.107 --dport 5432 -j ACCEPT'
+# TODO: lock it down more
+- '-A INPUT -p tcp -m tcp -s 10.3.166.0/24 --dport 5432 -j ACCEPT'

 #
 # Large updates pushes cause lots of db threads doing the tag moves, so up this from default.