From c31771d0de38e5e14890783abae99ffcb92e4fe8 Mon Sep 17 00:00:00 2001
From: Ralph Bean <rbean@redhat.com>
Date: Thu, 10 Mar 2016 18:54:44 +0000
Subject: [PATCH] Also the osuosl proxies.

---
 roles/base/templates/iptables/iptables.osuosl | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/roles/base/templates/iptables/iptables.osuosl b/roles/base/templates/iptables/iptables.osuosl
index ad82724e5b..102ee7c394 100644
--- a/roles/base/templates/iptables/iptables.osuosl
+++ b/roles/base/templates/iptables/iptables.osuosl
@@ -29,6 +29,11 @@
 -A INPUT -p tcp -m tcp --dport 5666  -s 209.132.181.35 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT
 
+{% if inventory_hostname in groups['proxies'] %}
+{% for friend in friends4 %}
+-A INPUT --src {{ friend }} -j DROP
+{% endfor %}
+{% endif %}
 
 # if the host/group defines incoming tcp_ports - allow them
 {% if tcp_ports is defined %}