From fbc18add5079cba212b81712a42a7ad3e3883fd1 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Thu, 28 Jul 2022 12:54:03 -0700
Subject: [PATCH] koji_builder: make iptables rule staging only until we are
 sure it is working there

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/base/templates/iptables/iptables.kojibuilder | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/base/templates/iptables/iptables.kojibuilder b/roles/base/templates/iptables/iptables.kojibuilder
index 4d8d0036ea..def2052dbd 100644
--- a/roles/base/templates/iptables/iptables.kojibuilder
+++ b/roles/base/templates/iptables/iptables.kojibuilder
@@ -27,8 +27,10 @@
 {% endfor %}
 {% endif %}
 
+{% if host in groups['staging'] %}
 # osbuild api for osbuild koji plugin
 -A OUTPUT -p tcp --dport 443 -m set --match-set osbuildapi dst -j ACCEPT
+{% endif %}
 
 # kojipkgs
 {% if host in groups['buildvm_s390x'] %}