infrastructure/ansible
1
0
Fork 0
Code Pull requests 7 Activity Actions

this should allow IAD2 to SSH into s390

Browse source
This commit is contained in:
Stephen Smoogen 2020-06-07 14:54:43 -04:00
parent 197f8aa1db
commit d099a158f6
1 changed files with 5 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

8
roles/base/templates/iptables/iptables.kojibuilder
View file

@ -100,8 +100,10 @@
# SSH
-A INPUT -p tcp -m tcp -s 10.5.0.0/16 --dport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp -d 10.5.0.0/16 --sport 22 -j ACCEPT
-A INPUT -p tcp -m tcp -s 10.3.16.0/19 --dport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp -d 10.3.16.0/19 --sport 22 -j ACCEPT
{% if inventory_hostname.startswith (('buildvm-s390x-15', 'buildvm-s390x-16','buildvm-s390x-17')) %}
-A INPUT -p tcp -m tcp -s 10.3.0.0/16 --dport 22 -j ACCEPT
# Allow SSHFS binding to koji01
-A OUTPUT -p tcp -m tcp -d 10.5.125.61 --dport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp -d 10.3.169.104 --dport 22 -j ACCEPT
@ -236,8 +238,8 @@ COMMIT
-A OUTPUT -p tcp -m tcp -d 10.3.163.39 --dport 514 -j ACCEPT
# SSH
-A INPUT -p tcp -m tcp -s 10.3.0.0/16 --dport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp -d 10.3.0.0/16 --sport 22 -j ACCEPT
-A INPUT -p tcp -m tcp -s 10.3.160.0/19 --dport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp -d 10.3.160.0/19 --sport 22 -j ACCEPT
{% if inventory_hostname.startswith (('buildvm-s390x-15', 'buildvm-s390x-16','buildvm-s390x-17')) %}
# Allow SSHFS binding to koji01
-A OUTPUT -p tcp -m tcp -d 10.3.169.104 --dport 22 -j ACCEPT