From 4e49aac83013dc7989fd0086dfb1ddb329d6f880 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Tue, 8 Dec 2015 19:30:30 +0000
Subject: [PATCH] Allow ntp from internal phx2 10 nets to bastion servers.

---
 inventory/group_vars/bastion | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/inventory/group_vars/bastion b/inventory/group_vars/bastion
index 986722eb45..031a10f034 100644
--- a/inventory/group_vars/bastion
+++ b/inventory/group_vars/bastion
@@ -12,9 +12,11 @@ udp_ports: [ 1194 ]
 #
 # drop incoming traffic from less trusted vpn hosts
+# allow ntp from internal phx2 10 nets
 #
 custom_rules: [ '-A INPUT -s 192.168.100/24 -j REJECT --reject-with icmp-host-prohibited',
+    '-A INPUT -s 10.0.0.0/8 -p udp -m udp --dport 123 -j ACCEPT',
     ]
 #
 # allow a bunch of sysadmin groups here so they can access internal stuff
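Review bot: The added ACCEPT rule matches `-s 10.0.0.0/8`, the entire RFC 1918 10/8, which is much broader than the "internal phx2 10 nets" the new comment and the commit subject describe; because this is stateless UDP with no handshake, any host that can route or spoof a 10.x source toward the bastion (other sites reachable over the VPN, for instance) now reaches port 123. Narrow it to the actual phx2 prefixes, one rule per prefix in the same form, e.g. `'-A INPUT -s <phx2-prefix> -p udp -m udp --dport 123 -j ACCEPT'`, and optionally pin the ingress interface with `-i`; if the rule must stay at /8, the comment should say so honestly (`# allow ntp from any 10/8 source (broader than phx2)`) so the next reader does not assume it is site-scoped. Opening the port is only half of exposing an NTP server safely: unless the bastion's ntpd already carries a `restrict default ... noquery nomodify notrap nopeer` line, mode 6/7 control queries become reachable from that whole range, which is a known reflection/amplification vector — worth confirming in the ntp role before this lands. The hunk header counts 9 old / 11 new lines but only seven context lines are visible here, so the trailing context of this hunk continues past the end of SOURCE.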