mm-frontend-checkin01: add totpci to iptables so sudo will work.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-05-09 16:47:49 +00:00 · 2019-05-09 16:47:49 +00:00 · 7e18ec152d
commit 7e18ec152d
parent 305b40c916
1 changed files with 5 additions and 0 deletions
--- a/roles/base/templates/iptables/iptables.mm-frontend-checkin01.phx2.fedoraproject.org
+++ b/roles/base/templates/iptables/iptables.mm-frontend-checkin01.phx2.fedoraproject.org
@ -36,6 +36,11 @@
 -A OUTPUT --dst 10.5.126.22 -p udp -m udp --dport 53 -j ACCEPT
 -A OUTPUT --dst 10.5.126.22 -p tcp -m tcp --dport 53 -j ACCEPT

+# Allow totpcgi
+-A OUTPUT --dst 10.5.126.25 -p tcp -m tcp --dport 8443 -j ACCEPT
+-A OUTPUT --dst 10.5.126.26 -p tcp -m tcp --dport 8443 -j ACCEPT
+-A OUTPUT --dst 10.5.126.30 -p tcp -m tcp --dport 8443 -j ACCEPT
+
 # Allow infrastructure.fp.o http and https
 -A OUTPUT --dst 10.5.126.23 -p tcp -m tcp --dport 80 -j ACCEPT
 -A OUTPUT --dst 10.5.126.23 -p tcp -m tcp --dport 443 -j ACCEPT