From c18ea6b65858647c6e662e773e7a6756d5dd6100 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@redhat.com>
Date: Sat, 13 Jan 2018 13:59:46 +0000
Subject: [PATCH] Allow mmfrontend-checkin to connect to VPN

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---
 .../iptables.mm-frontend-checkin01.phx2.fedoraproject.org     | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/roles/base/templates/iptables/iptables.mm-frontend-checkin01.phx2.fedoraproject.org b/roles/base/templates/iptables/iptables.mm-frontend-checkin01.phx2.fedoraproject.org
index 34f0500df0..b39fb0ffc5 100644
--- a/roles/base/templates/iptables/iptables.mm-frontend-checkin01.phx2.fedoraproject.org
+++ b/roles/base/templates/iptables/iptables.mm-frontend-checkin01.phx2.fedoraproject.org
@@ -46,6 +46,10 @@
 -A OUTPUT --dst 10.5.126.51 -p tcp -m tcp --dport 443 -j ACCEPT
 -A OUTPUT --dst 10.5.126.52 -p tcp -m tcp --dport 443 -j ACCEPT
 
+# Allow VPN access
+-A OUTPUT --dst 10.5.126.11 -p udp -m udp --dport 1194 -j ACCEPT
+-A OUTPUT --dst 10.5.126.12 -p udp -m udp --dport 1194 -j ACCEPT
+
 # otherwise kick everything out
 -A INPUT -j REJECT --reject-with icmp-host-prohibited
 -A FORWARD -j REJECT --reject-with icmp-host-prohibited