From 56cbb0beb8ed386f6fab93d4757a309855a5e98c Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Wed, 24 Mar 2021 06:32:49 -0700
Subject: [PATCH] ipa: make sure we open ports 88 and 464 UDP

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 inventory/group_vars/ipa     | 3 ++-
 inventory/group_vars/ipa_stg | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/inventory/group_vars/ipa b/inventory/group_vars/ipa
index 20066f0cb2..6f71496af5 100644
--- a/inventory/group_vars/ipa
+++ b/inventory/group_vars/ipa
@@ -5,9 +5,10 @@ mem_size: 6144
 num_cpus: 2
 
 tcp_ports: [ 80, 88, 389, 443, 464, 636 ]
+udp_ports: [ 88, 464 ]
 
 custom_rules: [
-    '-A INPUT -p udp -m udp -s 10.5.0.0/16 --dport 53 -j ACCEPT'
+    '-A INPUT -p udp -m udp -s 10.3.0.0/16 --dport 53 -j ACCEPT'
 ]
 
 primary_auth_source: ipa
diff --git a/inventory/group_vars/ipa_stg b/inventory/group_vars/ipa_stg
index 8a76c506a6..624e981298 100644
--- a/inventory/group_vars/ipa_stg
+++ b/inventory/group_vars/ipa_stg
@@ -5,6 +5,7 @@ mem_size: 6144
 num_cpus: 2
 
 tcp_ports: [ 80, 88, 389, 443, 464, 636 ]
+udp_ports: [ 88, 464 ]
 
 ipa_host_group: ipa
 ipa_host_group_desc: IPA service