From 7e18ec152dba22390ccd18ac257dc7ee4d60fef0 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Thu, 9 May 2019 16:47:49 +0000
Subject: [PATCH] mm-frontend-checkin01: add totpci to iptables so sudo will
 work.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 .../iptables.mm-frontend-checkin01.phx2.fedoraproject.org    | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/roles/base/templates/iptables/iptables.mm-frontend-checkin01.phx2.fedoraproject.org b/roles/base/templates/iptables/iptables.mm-frontend-checkin01.phx2.fedoraproject.org
index b39fb0ffc5..3563088b4a 100644
--- a/roles/base/templates/iptables/iptables.mm-frontend-checkin01.phx2.fedoraproject.org
+++ b/roles/base/templates/iptables/iptables.mm-frontend-checkin01.phx2.fedoraproject.org
@@ -36,6 +36,11 @@
 -A OUTPUT --dst 10.5.126.22 -p udp -m udp --dport 53 -j ACCEPT
 -A OUTPUT --dst 10.5.126.22 -p tcp -m tcp --dport 53 -j ACCEPT
 
+# Allow totpcgi
+-A OUTPUT --dst 10.5.126.25 -p tcp -m tcp --dport 8443 -j ACCEPT
+-A OUTPUT --dst 10.5.126.26 -p tcp -m tcp --dport 8443 -j ACCEPT
+-A OUTPUT --dst 10.5.126.30 -p tcp -m tcp --dport 8443 -j ACCEPT
+
 # Allow infrastructure.fp.o http and https
 -A OUTPUT --dst 10.5.126.23 -p tcp -m tcp --dport 80 -j ACCEPT
 -A OUTPUT --dst 10.5.126.23 -p tcp -m tcp --dport 443 -j ACCEPT