zabbix: ensure zabbix can communicate with releng machines

Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
David Kirwan 2024-02-09 13:04:46 +00:00
parent 216ac2359a
commit 7d63531b82


@ -1,7 +1,7 @@
# {{ ansible_managed }}
#
# NOTE: Chaging this template updates iptables on all releng hosts :)
# Please check with sysadmin-main before pushing out an update here.
# Please check with sysadmin-main before pushing out an update here.
#
*filter
:INPUT DROP []
@ -26,6 +26,9 @@
-A INPUT -p tcp -m tcp -s 38.145.60.15 --dport 5666 -j ACCEPT
-A INPUT -p tcp -m tcp -s 10.3.163.10 --dport 5666 -j ACCEPT
-A INPUT -p tcp -m tcp -s 10.3.166.10 --dport 5666 -j ACCEPT
# Zabbix
-A INPUT -p tcp -m tcp --dport 10051 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10050 -s 10.3.163.198 -j ACCEPT
# if the blocked_ips is defined - drop them
{% if blocked_ips is defined %}
@ -40,7 +43,7 @@
-A INPUT -p tcp -m tcp -s 147.251.0.0/16 --dport 22 -j REJECT
# matches last rule for a service we want blocked
-A INPUT -p tcp -m tcp -s 192.168.100.0/24 --dport 22 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# Allow all netapp traffic
-A INPUT -p udp -m udp -s 10.3.162.0/24 -j ACCEPT
@ -71,7 +74,7 @@
{{ rule }}
{% endfor %}
# Extra protection for 192.168.100.x vpn hosts.
# Extra protection for 192.168.100.x vpn hosts.
-A INPUT -s 192.168.100.0/24 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -j REJECT --reject-with icmp-host-prohibited
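Review bot: The new rule `-A INPUT -p tcp -m tcp --dport 10051 -j ACCEPT` in the second hunk accepts connections to 10051 from any source, while the neighbouring 10050 rule is limited to `-s 10.3.163.198`; with `:INPUT DROP` as the chain policy this is the only unrestricted port the change opens. Port 10051 is the Zabbix server/proxy listener that agents connect out to, so a releng host that only runs an agent needs no INPUT rule for it at all; if a proxy or server does run on these hosts, the same source restriction should apply, e.g. `-A INPUT -p tcp -m tcp -s 10.3.163.198 --dport 10051 -j ACCEPT`. Both Zabbix ACCEPT rules are also placed ahead of the `blocked_ips` drop section that follows them, so an address on that list can still reach 10050/10051; moving them after that section would keep the block list authoritative. A comment such as `# Zabbix: passive agent checks on 10050 from the server; 10051 only if a proxy/server runs here` would record the intent for the next editor. The last hunk appears to continue past the visible lines.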