From 0266f2541d6cfcd380ace94e8a2a3460eaa360bf Mon Sep 17 00:00:00 2001
From: Stephen Smoogen
Date: Sun, 7 Jun 2020 15:41:54 -0400
Subject: [PATCH] fix the kojibuilder firewall for udp and ss
---
 roles/base/templates/iptables/iptables.kojibuilder | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/roles/base/templates/iptables/iptables.kojibuilder b/roles/base/templates/iptables/iptables.kojibuilder
index f48d701aaf..e95ad83fd7 100644
--- a/roles/base/templates/iptables/iptables.kojibuilder
+++ b/roles/base/templates/iptables/iptables.kojibuilder
@@ -100,8 +100,8 @@
 # SSH
 -A INPUT -p tcp -m tcp -s 10.5.0.0/16 --dport 22 -j ACCEPT
 -A OUTPUT -p tcp -m tcp -d 10.5.0.0/16 --sport 22 -j ACCEPT
--A INPUT -p tcp -m tcp -s 10.3.16.0/19 --dport 22 -j ACCEPT
--A OUTPUT -p tcp -m tcp -d 10.3.16.0/19 --sport 22 -j ACCEPT
+-A INPUT -p tcp -m tcp -s 10.3.160.0/19 --dport 22 -j ACCEPT
+-A OUTPUT -p tcp -m tcp -d 10.3.160.0/19 --sport 22 -j ACCEPT
 {% if inventory_hostname.startswith (('buildvm-s390x-15', 'buildvm-s390x-16','buildvm-s390x-17')) %}
 # Allow SSHFS binding to koji01
@@ -223,8 +223,8 @@ COMMIT
 # DNS
 -A OUTPUT -p udp -m udp -d 10.3.163.33 --dport 53 -j ACCEPT
--A OUTPUT -p udp -m udp -d 10.3.163.33 --dport 53 -j ACCEPT
--A OUTPUT -p tcp -m tcp -d 10.3.163.34 --dport 53 -j ACCEPT
+-A OUTPUT -p udp -m tcp -d 10.3.163.33 --dport 53 -j ACCEPT
+-A OUTPUT -p tcp -m udp -d 10.3.163.34 --dport 53 -j ACCEPT
 -A OUTPUT -p tcp -m tcp -d 10.3.163.34 --dport 53 -j ACCEPT
 # bastion smtp
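Review bot: The SSH source ranges under `# SSH` in the `@@ -100,8` hunk carry no label saying which network each one is meant to cover, which makes a one-digit slip like the removed `10.3.16.0/19` hard to spot in review. That value is not on a /19 boundary, so iptables would normally have masked it down to `10.3.0.0/19` and admitted SSH from a different range than intended. I would add a comment above each pair, for example `# SSH from <network name> (10.3.160.0/19)`, and note there why a whole /19 rather than specific management hosts needs port 22 on the builders.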
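Review bot: The two added DNS rules in the `@@ -223,8` hunk pair each protocol with the other protocol's match module: `-p udp -m tcp` and `-p tcp -m udp`. The tcp and udp matches are only valid for their own protocol, so these rules are likely to be rejected when the ruleset is loaded. Because a table is committed as a whole, that could leave the builder without the intended filter rules; this is worth confirming by loading the rendered template on a test host. If the intent is UDP and TCP port 53 to both resolvers, the lines would read `-A OUTPUT -p tcp -m tcp -d 10.3.163.33 --dport 53 -j ACCEPT` and `-A OUTPUT -p udp -m udp -d 10.3.163.34 --dport 53 -j ACCEPT`.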