From fede1317e78b3ecee97280b10af76d8156aeef1b Mon Sep 17 00:00:00 2001
From: Stephen Smoogen
Date: Mon, 31 Aug 2020 11:09:05 -0400
Subject: [PATCH] proxy*.stg.iad2.fedoraproject.org is not on the vpn

---
 inventory/host_vars/proxy01.stg.iad2.fedoraproject.org | 2 ++
 inventory/host_vars/proxy02.stg.iad2.fedoraproject.org | 2 ++
 roles/base/templates/iptables/iptables.kojibuilder | 10 ++++++----
 3 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/inventory/host_vars/proxy01.stg.iad2.fedoraproject.org b/inventory/host_vars/proxy01.stg.iad2.fedoraproject.org
index 78adf61266..ca62ff2abe 100644
--- a/inventory/host_vars/proxy01.stg.iad2.fedoraproject.org
+++ b/inventory/host_vars/proxy01.stg.iad2.fedoraproject.org
@@ -16,3 +16,5 @@ sponsor: redhat
 nrpe_procs_warn: 1200
 nrpe_procs_crit: 1400
+
+vpn: false
diff --git a/inventory/host_vars/proxy02.stg.iad2.fedoraproject.org b/inventory/host_vars/proxy02.stg.iad2.fedoraproject.org
index 268542d0d0..d06ca72080 100644
--- a/inventory/host_vars/proxy02.stg.iad2.fedoraproject.org
+++ b/inventory/host_vars/proxy02.stg.iad2.fedoraproject.org
@@ -17,3 +17,5 @@ sponsor: redhat
 nrpe_procs_warn: 1200
 nrpe_procs_crit: 1400
+
+vpn: false
diff --git a/roles/base/templates/iptables/iptables.kojibuilder b/roles/base/templates/iptables/iptables.kojibuilder
index a3819777c5..805cf735f3 100644
--- a/roles/base/templates/iptables/iptables.kojibuilder
+++ b/roles/base/templates/iptables/iptables.kojibuilder
@@ -78,10 +78,12 @@
 -A OUTPUT -p tcp -m tcp -d 10.3.163.76 --dport 443 -j ACCEPT
 -A OUTPUT -p tcp -m tcp -d 10.3.163.77 --dport 80 -j ACCEPT
 -A OUTPUT -p tcp -m tcp -d 10.3.163.77 --dport 443 -j ACCEPT
-# for 2 facter auth
--A OUTPUT -p tcp -m tcp -d 10.3.163.69 --dport 8443 -j ACCEPT
--A OUTPUT -p tcp -m tcp -d 10.3.163.70 --dport 8443 -j ACCEPT
--A OUTPUT -p tcp -m tcp -d 10.3.163.71 --dport 8443 -j ACCEPT
+# for 2 facter auth (fas-all)
+-A OUTPUT -p tcp -m tcp -d 10.3.163.74 --dport 8443 -j ACCEPT
+-A OUTPUT -p tcp -m tcp -d 10.3.163.75 --dport 8443 -j ACCEPT
+-A OUTPUT -p tcp -m tcp -d 10.3.163.76 --dport 8443 -j ACCEPT
+-A OUTPUT -p tcp -m tcp -d 10.3.163.77 --dport 8443 -j ACCEPT
+
 #nfs to vtap-fedora-nfs01.storage.phx2.redhat.com - a little to wide-open - but
 # kinda necessary
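Review bot: The comment above the new 8443 rules does not say which hosts the four destinations are, and it keeps the `facter` typo, so a later audit of this builder egress allowlist has to look up each address by hand. A comment such as `# 2-factor auth (fas-all): same hosts as the 80/443 rules above` would make the intent checkable, if that is in fact what 10.3.163.74–.77 are. The context lines show .76 and .77 with 80/443 rules, but the OUTPUT rule list starts above the hunk, so .74 and .75 cannot be confirmed from here. The commit subject mentions only the proxy `vpn` setting, so the swap of 8443 egress from 10.3.163.69–.71 to .74–.77 deserves its own line in the commit description.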