From c2493bc67794bf903b81139cd08ea58625dbe25f Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk
Date: Thu, 11 Jan 2018 23:05:01 +0000
Subject: [PATCH] Allow access to repos

Signed-off-by: Patrick Uiterwijk
---
 ...tables.mm-frontend-checkin01.phx2.fedoraproject.org | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/roles/base/templates/iptables/iptables.mm-frontend-checkin01.phx2.fedoraproject.org b/roles/base/templates/iptables/iptables.mm-frontend-checkin01.phx2.fedoraproject.org
index 3a13292b05..34f0500df0 100644
--- a/roles/base/templates/iptables/iptables.mm-frontend-checkin01.phx2.fedoraproject.org
+++ b/roles/base/templates/iptables/iptables.mm-frontend-checkin01.phx2.fedoraproject.org
@@ -36,6 +36,16 @@
 -A OUTPUT --dst 10.5.126.22 -p udp -m udp --dport 53 -j ACCEPT
 -A OUTPUT --dst 10.5.126.22 -p tcp -m tcp --dport 53 -j ACCEPT
 
+# Allow infrastructure.fp.o http and https
+-A OUTPUT --dst 10.5.126.23 -p tcp -m tcp --dport 80 -j ACCEPT
+-A OUTPUT --dst 10.5.126.23 -p tcp -m tcp --dport 443 -j ACCEPT
+
+# Allow https to proxies
+-A OUTPUT --dst 10.5.126.8 -p tcp -m tcp --dport 443 -j ACCEPT
+-A OUTPUT --dst 10.5.126.9 -p tcp -m tcp --dport 443 -j ACCEPT
+-A OUTPUT --dst 10.5.126.51 -p tcp -m tcp --dport 443 -j ACCEPT
+-A OUTPUT --dst 10.5.126.52 -p tcp -m tcp --dport 443 -j ACCEPT
+
 # otherwise kick everything out
 -A INPUT -j REJECT --reject-with icmp-host-prohibited
 -A FORWARD -j REJECT --reject-with icmp-host-prohibited
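Review bot: The added `--dport 80` rule to 10.5.126.23 opens cleartext HTTP egress on a host whose OUTPUT chain appears to be a per-destination allowlist, and nothing in the hunk says why the HTTPS rule on the next line is not sufficient. If the repo definitions used on this host can point at https URLs, drop the port-80 line; if they cannot, keep it and record the reason next to the rule, e.g. `# http still required by <repo definition>; package integrity then relies on gpgcheck`. The four proxy rules use bare addresses under a single `# Allow https to proxies` comment, so naming the host behind each IP (or rendering the list from inventory variables, if this template supports it) would make a later renumbering auditable. The rest of the OUTPUT chain, including how unmatched outbound traffic is handled, lies outside the hunk.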