Unblock pkgs and do redirect instead

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>

inventory/group_vars/pkgs

@@ -5,12 +5,6 @@ num_cpus: 4
 
 tcp_ports: [ 9418 ]
 
-custom_rules: [ 
-	      '-A INPUT -p tcp -m tcp -s 10.0.0.0/8 --dport 80 -j ACCEPT', 
-	      '-A INPUT -p tcp -m tcp -s 10.0.0.0/8 --dport 443 -j ACCEPT', 
-	      '-A INPUT -p tcp -m tcp -s 192.168.0.0/16 --dport 80 -j ACCEPT', 
-	      '-A INPUT -p tcp -m tcp -s 192.168.0.0/16 --dport 443 -j ACCEPT' ]
-
 # We have both celery (pagure_worker) and web thread wanting to send out fedmsg's.
 # To make things easy on the listening side (so avoid contention of binding ports), let's set the pkgs boxes to active fedmsg.
 fedmsg_active: True

inventory/group_vars/pkgs-stg

@@ -4,12 +4,6 @@ mem_size: 4096
 num_cpus: 4
 
 tcp_ports: [ 9418 ]
-custom_rules: [ 
-	      '-A INPUT -p tcp -m tcp -s 10.0.0.0/8 --dport 80 -j ACCEPT', 
-	      '-A INPUT -p tcp -m tcp -s 10.0.0.0/8 --dport 443 -j ACCEPT', 
-	      '-A INPUT -p tcp -m tcp -s 192.168.0.0/16 --dport 80 -j ACCEPT', 
-	      '-A INPUT -p tcp -m tcp -s 192.168.0.0/16 --dport 443 -j ACCEPT' ]
-
 # Definining these vars has a number of effects
 # 1) mod_wsgi is configured to use the vars for its own setup
 # 2) iptables opens enough ports for all threads for fedmsg

roles/distgit/templates/lookaside-upload.conf

@@ -14,8 +14,9 @@ SSLCryptoDevice builtin
 
 <VirtualHost _default_:80>
     ServerName pkgs{{ env_suffix }}.fedoraproject.org
-    #Redirect "/" "https://src{{ env_suffix }}.fedoraproject.org/"
-    # This is temporary for fixing Kojid because of firewall rules
+    RewriteCond expr "! -R '192.168.0.0/16'"        
+    RewriteCond expr "! -R '10.0.0.0/8'"            
+    RewriteRule ^(.*)$ https://src.fedoraproject.org/$1 [L,R]
     Alias /repo/ /srv/cache/lookaside/
 
     RewriteEngine on