Allow access to repos

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-01-11 23:05:01 +00:00 · 2018-01-11 23:05:01 +00:00 · c2493bc677
commit c2493bc677
parent f94a5f94cd
1 changed files with 10 additions and 0 deletions
--- a/roles/base/templates/iptables/iptables.mm-frontend-checkin01.phx2.fedoraproject.org
+++ b/roles/base/templates/iptables/iptables.mm-frontend-checkin01.phx2.fedoraproject.org
@ -36,6 +36,16 @@
 -A OUTPUT --dst 10.5.126.22 -p udp -m udp --dport 53 -j ACCEPT
 -A OUTPUT --dst 10.5.126.22 -p tcp -m tcp --dport 53 -j ACCEPT

+# Allow infrastructure.fp.o http and https
+-A OUTPUT --dst 10.5.126.23 -p tcp -m tcp --dport 80 -j ACCEPT
+-A OUTPUT --dst 10.5.126.23 -p tcp -m tcp --dport 443 -j ACCEPT
+
+# Allow https to proxies
+-A OUTPUT --dst 10.5.126.8 -p tcp -m tcp --dport 443 -j ACCEPT
+-A OUTPUT --dst 10.5.126.9 -p tcp -m tcp --dport 443 -j ACCEPT
+-A OUTPUT --dst 10.5.126.51 -p tcp -m tcp --dport 443 -j ACCEPT
+-A OUTPUT --dst 10.5.126.52 -p tcp -m tcp --dport 443 -j ACCEPT
+
 # otherwise kick everything out
 -A INPUT -j REJECT --reject-with icmp-host-prohibited
 -A FORWARD -j REJECT --reject-with icmp-host-prohibited