Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

cloud-noc01: adjust firewall rules: allow communishift network, open port 124 for ntp

Browse source 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
Kevin Fenzi 2019-04-27 18:47:27 +00:00
parent 85adc106ff
commit cbe0963aa9
1 changed files with 8 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

9
inventory/host_vars/cloud-noc01.cloud.fedoraproject.org
View file

@ -18,11 +18,18 @@ custom_rules: [ '-A INPUT -i br0 -p tcp -m tcp -s 209.132.184.0/24 --dport 67 -
'-A INPUT -i br0 -p udp -m udp -s 209.132.184.0/24 --dport 67 -j ACCEPT',
'-A INPUT -i br0 -p udp -m udp -s 209.132.184.0/24 --dport 68 -j ACCEPT',
'-A INPUT -i br0 -p udp -m udp -s 209.132.184.0/24 --dport 69 -j ACCEPT',
'-A INPUT -i br0 -p tcp -m tcp -s 38.145.48.0/23 --dport 67 -j ACCEPT',
'-A INPUT -i br0 -p tcp -m tcp -s 38.145.48.0/23 --dport 68 -j ACCEPT',
'-A INPUT -i br0 -p tcp -m tcp -s 38.145.48.0/23 --dport 69 -j ACCEPT',
'-A INPUT -i br0 -p udp -m udp -s 38.145.48.0/23 --dport 67 -j ACCEPT',
'-A INPUT -i br0 -p udp -m udp -s 38.145.48.0/23 --dport 68 -j ACCEPT',
'-A INPUT -i br0 -p udp -m udp -s 38.145.48.0/23 --dport 69 -j ACCEPT',
'-A INPUT -i br1 -p tcp -m tcp -s 172.23.0.0/23 --dport 67 -j ACCEPT',
'-A INPUT -i br1 -p tcp -m tcp -s 172.23.0.0/23 --dport 68 -j ACCEPT',
'-A INPUT -i br1 -p tcp -m tcp -s 172.23.0.0/23 --dport 69 -j ACCEPT',
'-A INPUT -i br1 -p udp -m udp -s 172.23.0.0/23 --dport 67 -j ACCEPT',
'-A INPUT -i br1 -p udp -m udp -s 172.23.0.0/23 --dport 68 -j ACCEPT',
'-A INPUT -i br1 -p udp -m udp -s 172.23.0.0/23 --dport 69 -j ACCEPT',
'-A INPUT -i br0 -p udp -m udp -s 209.132.184.0/24 --dport 123 -j ACCEPT' ]
'-A INPUT -i br0 -p udp -m udp -s 209.132.184.0/24 --dport 124 -j ACCEPT' ]
'-A INPUT -i br0 -p udp -m udp -s 38.145.48.0/24 --dport 124 -j ACCEPT' ]