From f94a5f94cde6b600a4abede8530aa07bfefa52b3 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk
Date: Thu, 11 Jan 2018 23:02:44 +0000
Subject: [PATCH] Also allow dns out

Signed-off-by: Patrick Uiterwijk
---
 .../iptables.mm-frontend-checkin01.phx2.fedoraproject.org | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/roles/base/templates/iptables/iptables.mm-frontend-checkin01.phx2.fedoraproject.org b/roles/base/templates/iptables/iptables.mm-frontend-checkin01.phx2.fedoraproject.org
index bb0f2f96c1..3a13292b05 100644
--- a/roles/base/templates/iptables/iptables.mm-frontend-checkin01.phx2.fedoraproject.org
+++ b/roles/base/templates/iptables/iptables.mm-frontend-checkin01.phx2.fedoraproject.org
@@ -30,6 +30,12 @@
 # Allow connection to the database
 -A OUTPUT --dst 10.5.126.71 -p tcp -m tcp --dport 5432 -j ACCEPT
 
+# Allow DNS
+-A OUTPUT --dst 10.5.126.21 -p udp -m udp --dport 53 -j ACCEPT
+-A OUTPUT --dst 10.5.126.21 -p tcp -m tcp --dport 53 -j ACCEPT
+-A OUTPUT --dst 10.5.126.22 -p udp -m udp --dport 53 -j ACCEPT
+-A OUTPUT --dst 10.5.126.22 -p tcp -m tcp --dport 53 -j ACCEPT
+
 # otherwise kick everything out
 -A INPUT -j REJECT --reject-with icmp-host-prohibited
 -A FORWARD -j REJECT --reject-with icmp-host-prohibited
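Review bot: The four new OUTPUT rules hard-code the resolver addresses 10.5.126.21 and 10.5.126.22 under a comment that says only `# Allow DNS`, so nothing here ties them to the resolvers this host is actually configured to use. On an egress-filtered host a mismatch shows up as silent name-resolution failure, so I would extend the comment to something like `# Allow DNS (udp+tcp) to the internal resolvers only; keep in sync with this host's resolv.conf`. Limiting port 53 to two fixed destinations rather than any address is the right shape for an egress allow-list, and saying so in the comment makes it less likely a later edit widens it. Whether the OUTPUT chain ends in a reject the way INPUT and FORWARD do lies outside the hunk, so the effective egress policy cannot be confirmed from these lines.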