From 2f9504efa89750df32beb0a067344d9174663018 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 25 Sep 2017 20:52:38 +0000
Subject: [PATCH] no external git:// cloning pleaase

---
 inventory/group_vars/pkgs | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/inventory/group_vars/pkgs b/inventory/group_vars/pkgs
index fd0e9312a2..c0435a0329 100644
--- a/inventory/group_vars/pkgs
+++ b/inventory/group_vars/pkgs
@@ -3,11 +3,13 @@ lvm_size: 100000
 mem_size: 4096
 num_cpus: 4
 
-tcp_ports: [80, 443, 9418,
+tcp_ports: [80, 443,
     # These 16 ports are used by fedmsg.  One for each wsgi thread.
     3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007,
     3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015]
 
+custom_rules: [ '-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 9418 -j ACCEPT']
+
 # Definining these vars has a number of effects
 # 1) mod_wsgi is configured to use the vars for its own setup
 # 2) iptables opens enough ports for all threads for fedmsg