From 01292bba605e9ddd7d999c500e010692dc9798fa Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk
Date: Wed, 14 Dec 2016 18:37:50 +0000
Subject: [PATCH] Allow OSBS to contact krb

Signed-off-by: Patrick Uiterwijk
---
 files/osbs/fix-docker-iptables.production | 4 ++++
 files/osbs/fix-docker-iptables.staging | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/files/osbs/fix-docker-iptables.production b/files/osbs/fix-docker-iptables.production
index 52ee20713c..a30f414271 100644
--- a/files/osbs/fix-docker-iptables.production
+++ b/files/osbs/fix-docker-iptables.production
@@ -47,6 +47,10 @@ iptables -A FILTER_FORWARD -p udp -m udp -d 10.5.126.22 --dport 53 -j ACCEPT
 iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.51 --dport 443 -j ACCEPT
 iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.52 --dport 443 -j ACCEPT
+# Kerberos
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.51 --dport 1088 -j ACCEPT
+iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.52 --dport 1088 -j ACCEPT
+
 # dl.phx2
 iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.93 --dport 80 -j ACCEPT
 iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.93 --dport 443 -j ACCEPT
diff --git a/files/osbs/fix-docker-iptables.staging b/files/osbs/fix-docker-iptables.staging
index 99dc7ca71e..7b4b6aee22 100644
--- a/files/osbs/fix-docker-iptables.staging
+++ b/files/osbs/fix-docker-iptables.staging
@@ -70,6 +70,9 @@ iptables -A FILTER_FORWARD -p udp -m udp -d 8.8.4.4 --dport 53 -j ACCEPT
 # proxy
 iptables -A FILTER_FORWARD -p tcp --dst 10.5.126.88 --dport 443 -j ACCEPT
+# Kerberos
+iptables -A FILTER_FORWARD -p tcp --dst 10.5.126.88 --dport 1088 -j ACCEPT
+
 iptables -A FILTER_FORWARD -j REJECT --reject-with icmp-host-prohibited
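Review bot: The added `# Kerberos` comment in the production hunk does not say why the two rules open tcp/1088 rather than the registered Kerberos port 88, nor that 10.5.126.51 and 10.5.126.52 are the same destinations already allowed on 443 in the lines just above; the staging hunk has the same gap for 10.5.126.88, which that file labels `# proxy`. Someone auditing this container egress allow-list cannot tell from the comment whether 1088 is a deliberate front-end port or a typo for 88. I would word it as `# Kerberos KDC via the proxies, tcp/1088 (not the standard 88)`, assuming that is the actual setup, which should be confirmed. Only TCP is permitted, so it is worth confirming that the krb5 clients inside the build containers are configured for TCP on that port, since any UDP attempt would fall through to the final REJECT visible in the staging hunk.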