Allow ntp from internal phx2 10 nets to bastion servers.

Kevin Fenzi 2015-12-08 19:30:30 +00:00
parent 9511bfe231
commit 4e49aac830


@ -12,9 +12,11 @@ udp_ports: [ 1194 ]
# #
# drop incoming traffic from less trusted vpn hosts # drop incoming traffic from less trusted vpn hosts
# allow ntp from internal phx2 10 nets
# #
custom_rules: [ custom_rules: [
'-A INPUT -s 192.168.100/24 -j REJECT --reject-with icmp-host-prohibited', '-A INPUT -s 192.168.100/24 -j REJECT --reject-with icmp-host-prohibited',
'-A INPUT -s 10.0.0.0/8 -p udp -m udp --dport 123 -j ACCEPT',
] ]
# #
# allow a bunch of sysadmin groups here so they can access internal stuff # allow a bunch of sysadmin groups here so they can access internal stuff
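Review bot: The added rule `-A INPUT -s 10.0.0.0/8 -p udp -m udp --dport 123 -j ACCEPT` accepts NTP from the whole of 10.0.0.0/8, which is wider than the "internal phx2 10 nets" named in the new comment and the commit title. If only particular phx2 subnets need to reach the bastions, list those prefixes as separate rules, or add an inbound-interface match such as `-i <internal-interface>` (placeholder) so that a 10.x source address arriving on another interface is not accepted. The match is on source address alone, and UDP source addresses can be spoofed, so the NTP daemon's own access restrictions (not visible in this hunk) should still limit what these clients may query. Where `custom_rules` lands relative to the other INPUT rules is decided by a template outside the hunk, so the ordering against the REJECT on the line above is worth confirming.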