Allow OSBS to contact krb

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-14 18:37:50 +00:00 · 2016-12-14 18:37:50 +00:00 · 01292bba60
commit 01292bba60
parent 19d85c27e9
2 changed files with 7 additions and 0 deletions
--- a/files/osbs/fix-docker-iptables.production
+++ b/files/osbs/fix-docker-iptables.production
@ -47,6 +47,10 @@ iptables -A FILTER_FORWARD -p udp -m udp -d 10.5.126.22 --dport 53 -j ACCEPT
 iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.51 --dport 443 -j ACCEPT
 iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.52 --dport 443 -j ACCEPT

+# Kerberos
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.51 --dport 1088 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.52 --dport 1088 -j ACCEPT
+
 # dl.phx2
 iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.93 --dport 80 -j ACCEPT
 iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.93 --dport 443 -j ACCEPT
--- a/files/osbs/fix-docker-iptables.staging
+++ b/files/osbs/fix-docker-iptables.staging
@ -70,6 +70,9 @@ iptables -A FILTER_FORWARD -p udp -m udp -d 8.8.4.4 --dport 53 -j ACCEPT
 # proxy
 iptables -A FILTER_FORWARD -p tcp --dst 10.5.126.88 --dport 443 -j ACCEPT

+# Kerberos
+iptables -A FILTER_FORWARD -p tcp --dst 10.5.126.88 --dport 1088 -j ACCEPT
+

 iptables -A FILTER_FORWARD -j REJECT --reject-with icmp-host-prohibited