From 2032b6396a35b90cda2d9f26d3b7bb88364ff510 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Sat, 5 Jul 2014 21:33:31 +0000
Subject: [PATCH] Narrow this forward to only valid ips at site.
---
 roles/base/templates/iptables/iptables.coloamer | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/roles/base/templates/iptables/iptables.coloamer b/roles/base/templates/iptables/iptables.coloamer
index 920ef2e2f3..d2701a91a5 100644
--- a/roles/base/templates/iptables/iptables.coloamer
+++ b/roles/base/templates/iptables/iptables.coloamer
@@ -60,7 +60,8 @@
 # otherwise kick everything out
 -A INPUT -j REJECT --reject-with icmp-host-prohibited
 {% if virthost is defined %}
--A FORWARD -j ACCEPT
+-A FORWARD -s 67.203.2.64/29 -j ACCEPT
+-A FORWARD -d 67.203.2.64/29 -j ACCEPT
 {% else %}
 -A FORWARD -j REJECT --reject-with icmp-host-prohibited
 {% endif %}
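Review bot: In the `virthost` branch the FORWARD chain now ends after the two ACCEPT rules with no terminal rule, so packets matching neither `-s 67.203.2.64/29` nor `-d 67.203.2.64/29` fall through to the chain policy, which is not visible in this hunk. If the `:FORWARD` policy elsewhere in the template is ACCEPT, the narrowing has no effect; add `-A FORWARD -j REJECT --reject-with icmp-host-prohibited` after the two ACCEPT lines (or move the existing REJECT below `{% endif %}`) so the default is explicit. The `-s` rule also trusts the source address alone; if this site's bridge and uplink interfaces are known, binding the rules to them would drop forwarded packets that merely claim a source in the /29, though that needs confirming against the host's interface layout. A short comment such as `# site guest range; forward only to/from these addresses` above the rules would record why the block is hard-coded.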