Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Also allow dns out

Browse source 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
This commit is contained in:
Patrick Uiterwijk 2018-01-11 23:02:44 +00:00
parent cc859650e0
commit f94a5f94cd
1 changed files with 6 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
roles/base/templates/iptables/iptables.mm-frontend-checkin01.phx2.fedoraproject.org
View file

@ -30,6 +30,12 @@
# Allow connection to the database
-A OUTPUT --dst 10.5.126.71 -p tcp -m tcp --dport 5432 -j ACCEPT
# Allow DNS
-A OUTPUT --dst 10.5.126.21 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT --dst 10.5.126.21 -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT --dst 10.5.126.22 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT --dst 10.5.126.22 -p tcp -m tcp --dport 53 -j ACCEPT
# otherwise kick everything out
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited