infrastructure/ansible
1
0
Fork 0
Code Pull requests 7 Activity Actions

fix the kojibuilder firewall for udp and ss

Browse source
This commit is contained in:
Stephen Smoogen 2020-06-07 15:41:54 -04:00
parent 11baf9ef99
commit 0266f2541d
1 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
roles/base/templates/iptables/iptables.kojibuilder
View file

@ -100,8 +100,8 @@
# SSH
-A INPUT -p tcp -m tcp -s 10.5.0.0/16 --dport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp -d 10.5.0.0/16 --sport 22 -j ACCEPT
-A INPUT -p tcp -m tcp -s 10.3.16.0/19 --dport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp -d 10.3.16.0/19 --sport 22 -j ACCEPT
-A INPUT -p tcp -m tcp -s 10.3.160.0/19 --dport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp -d 10.3.160.0/19 --sport 22 -j ACCEPT
{% if inventory_hostname.startswith (('buildvm-s390x-15', 'buildvm-s390x-16','buildvm-s390x-17')) %}
# Allow SSHFS binding to koji01
@ -223,8 +223,8 @@ COMMIT
# DNS
-A OUTPUT -p udp -m udp -d 10.3.163.33 --dport 53 -j ACCEPT
-A OUTPUT -p udp -m udp -d 10.3.163.33 --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp -d 10.3.163.34 --dport 53 -j ACCEPT
-A OUTPUT -p udp -m tcp -d 10.3.163.33 --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m udp -d 10.3.163.34 --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp -d 10.3.163.34 --dport 53 -j ACCEPT
# bastion smtp