base / iptables: add iad2 ips to kojibuilder (phx2) section
We need to add this for s390x machines so they can talk to and be managed by iad2 stuff. phx2 builders should not be affected, and s390 builders only get the new rules added, so they should keep working with phx2. We will need to clean this up after the move and remove all the phx2 stuff. Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
Kevin Fenzi
parent
f60844b5b0
commit
fff697a707
1 changed files with 42 additions and 0 deletions
|
|
@ -33,12 +33,18 @@
|
|||
-A OUTPUT -p tcp -m tcp -d 10.5.125.35 --dport 80 -j ACCEPT
|
||||
-A OUTPUT -p tcp -m tcp -d 10.5.125.36 --dport 443 -j ACCEPT
|
||||
{% if host in groups['buildvm_s390x'] %}
|
||||
-A OUTPUT -p tcp -m tcp -d 10.3.169.106 --dport 80 -j ACCEPT
|
||||
-A OUTPUT -p tcp -m tcp -d 10.3.169.107 --dport 80 -j ACCEPT
|
||||
-A OUTPUT -p tcp -m tcp -d 10.16.0.17 --dport 80 -j ACCEPT
|
||||
{% endif %}
|
||||
|
||||
#koji.fp.o
|
||||
-A OUTPUT -p tcp -m tcp -d 10.5.125.63 --dport 80 -j ACCEPT
|
||||
-A OUTPUT -p tcp -m tcp -d 10.5.125.63 --dport 443 -j ACCEPT
|
||||
{% if host in groups['buildvm_s390x'] %}
|
||||
-A OUTPUT -p tcp -m tcp -d 10.3.169.104 --dport 80 -j ACCEPT
|
||||
-A OUTPUT -p tcp -m tcp -d 10.3.169.105 --dport 443 -j ACCEPT
|
||||
{% endif %}
|
||||
|
||||
#arm.koji.fp.o
|
||||
-A OUTPUT -p tcp -m tcp -d 10.5.124.138 --dport 80 -j ACCEPT
|
||||
|
|
@ -61,21 +67,38 @@
|
|||
-A OUTPUT -p udp -m udp -d 10.5.126.22 --dport 53 -j ACCEPT
|
||||
-A OUTPUT -p tcp -m tcp -d 10.5.126.21 --dport 53 -j ACCEPT
|
||||
-A OUTPUT -p tcp -m tcp -d 10.5.126.22 --dport 53 -j ACCEPT
|
||||
{% if host in groups['buildvm_s390x'] %}
|
||||
-A OUTPUT -p udp -m udp -d 10.3.163.33 --dport 53 -j ACCEPT
|
||||
-A OUTPUT -p udp -m udp -d 10.3.163.33 --dport 53 -j ACCEPT
|
||||
-A OUTPUT -p tcp -m tcp -d 10.3.163.34 --dport 53 -j ACCEPT
|
||||
-A OUTPUT -p tcp -m tcp -d 10.3.163.34 --dport 53 -j ACCEPT
|
||||
{% endif %}
|
||||
|
||||
# bastion smtp
|
||||
-A OUTPUT -p tcp -m tcp -d 10.5.126.12 --dport 25 -j ACCEPT
|
||||
{% if host in groups['buildvm_s390x'] %}
|
||||
-A OUTPUT -p tcp -m tcp -d 10.3.163.31 --dport 25 -j ACCEPT
|
||||
{% endif %}
|
||||
|
||||
# infra.fp.o
|
||||
-A OUTPUT -p tcp -m tcp -d 10.5.126.23 --dport 80 -j ACCEPT
|
||||
-A OUTPUT -p tcp -m tcp -d 10.5.126.23 --dport 443 -j ACCEPT
|
||||
{% if host in groups['buildvm_s390x'] %}
|
||||
-A OUTPUT -p tcp -m tcp -d 10.3.163.35 --dport 80 -j ACCEPT
|
||||
-A OUTPUT -p tcp -m tcp -d 10.3.163.35 --dport 443 -j ACCEPT
|
||||
{% endif %}
|
||||
|
||||
# rsyslog out to log01
|
||||
-A OUTPUT -p tcp -m tcp -d 10.5.126.13 --dport 514 -j ACCEPT
|
||||
{% if host in groups['buildvm_s390x'] %}
|
||||
-A OUTPUT -p tcp -m tcp -d 10.3.163.39 --dport 514 -j ACCEPT
|
||||
{% endif %}
|
||||
|
||||
# SSH
|
||||
-A INPUT -p tcp -m tcp -s 10.5.0.0/16 --dport 22 -j ACCEPT
|
||||
-A OUTPUT -p tcp -m tcp -d 10.5.0.0/16 --sport 22 -j ACCEPT
|
||||
{% if inventory_hostname.startswith (('buildvm-s390x-15', 'buildvm-s390x-16','buildvm-s390x-17')) %}
|
||||
-A INPUT -p tcp -m tcp -s 10.3.0.0/16 --dport 22 -j ACCEPT
|
||||
# Allow SSHFS binding to koji01
|
||||
-A OUTPUT -p tcp -m tcp -d 10.5.125.61 --dport 22 -j ACCEPT
|
||||
{% endif %}
|
||||
|
|
@ -103,6 +126,21 @@
|
|||
-A OUTPUT -p tcp -m tcp -d 10.5.126.30 --dport 8443 -j ACCEPT
|
||||
-A OUTPUT -p tcp -m tcp -d 10.5.126.25 --dport 8443 -j ACCEPT
|
||||
-A OUTPUT -p tcp -m tcp -d 10.5.126.26 --dport 8443 -j ACCEPT
|
||||
{% if host in groups['buildvm_s390x'] %}
|
||||
-A OUTPUT -p tcp -m tcp -d 10.3.163.74 --dport 80 -j ACCEPT
|
||||
-A OUTPUT -p tcp -m tcp -d 10.3.163.74 --dport 443 -j ACCEPT
|
||||
-A OUTPUT -p tcp -m tcp -d 10.3.163.75 --dport 80 -j ACCEPT
|
||||
-A OUTPUT -p tcp -m tcp -d 10.3.163.75 --dport 443 -j ACCEPT
|
||||
-A OUTPUT -p tcp -m tcp -d 10.3.163.76 --dport 80 -j ACCEPT
|
||||
-A OUTPUT -p tcp -m tcp -d 10.3.163.76 --dport 443 -j ACCEPT
|
||||
-A OUTPUT -p tcp -m tcp -d 10.3.163.77 --dport 80 -j ACCEPT
|
||||
-A OUTPUT -p tcp -m tcp -d 10.3.163.77 --dport 443 -j ACCEPT
|
||||
# for 2 facter auth
|
||||
-A OUTPUT -p tcp -m tcp -d 10.3.163.74 --dport 8443 -j ACCEPT
|
||||
-A OUTPUT -p tcp -m tcp -d 10.3.163.75 --dport 8443 -j ACCEPT
|
||||
-A OUTPUT -p tcp -m tcp -d 10.3.163.76 --dport 8443 -j ACCEPT
|
||||
-A OUTPUT -p tcp -m tcp -d 10.3.163.77 --dport 8443 -j ACCEPT
|
||||
{% endif %}
|
||||
|
||||
#nfs to vtap-fedora-nfs01.storage.phx2.redhat.com - a little to wide-open - but
|
||||
# kinda necessary
|
||||
|
|
@ -119,6 +157,10 @@
|
|||
# ntp
|
||||
-A OUTPUT -m udp -p udp --dport 123 -d 10.5.126.11 -j ACCEPT
|
||||
-A OUTPUT -m udp -p udp --dport 123 -d 10.5.126.12 -j ACCEPT
|
||||
{% if host in groups['buildvm_s390x'] %}
|
||||
-A OUTPUT -m udp -p udp --dport 123 -d 10.3.163.31 -j ACCEPT
|
||||
-A OUTPUT -m udp -p udp --dport 123 -d 10.3.163.32 -j ACCEPT
|
||||
{% endif %}
|
||||
|
||||
# dhcp
|
||||
-A OUTPUT -m udp -p udp --dport 67 -d 10.5.126.41 -j ACCEPT
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue