From fd9c8ac5a30d35c2046b9ad43ff8daca72a83959 Mon Sep 17 00:00:00 2001
From: Till Maas <opensource@till.name>
Date: Mon, 7 Dec 2015 19:54:43 +0100
Subject: [PATCH] autosign: make connections from sigul stateless

---
 inventory/group_vars/autosign | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/inventory/group_vars/autosign b/inventory/group_vars/autosign
index 952ddee128..33c3bb978d 100644
--- a/inventory/group_vars/autosign
+++ b/inventory/group_vars/autosign
@@ -7,6 +7,10 @@ num_cpus: 2
 # for systems that do not match the above - specify the same parameter in
 # the host_vars/$hostname file
 
+# Make connections from signing bridges stateless, they break sigul connections
+# https://bugzilla.redhat.com/show_bug.cgi?id=1283364
+custom_rules: ['-A INPUT --proto tcp --sport 44334 --souce sign-bridge01.phx2.fedoraproject.org,secondary-bridge01.qa.fedoraproject.org -j ACCEPT']
+
 fas_client_groups: sysadmin-releng
 host_group: autosign