From d099a158f6ddfec2cf8b7995ffc37c3668c0995f Mon Sep 17 00:00:00 2001
From: Stephen Smoogen
Date: Sun, 7 Jun 2020 14:54:43 -0400
Subject: [PATCH] this should allow IAD2 to SSH into s390

---
 roles/base/templates/iptables/iptables.kojibuilder | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/roles/base/templates/iptables/iptables.kojibuilder b/roles/base/templates/iptables/iptables.kojibuilder
index 491994cfe3..2b9ff91183 100644
--- a/roles/base/templates/iptables/iptables.kojibuilder
+++ b/roles/base/templates/iptables/iptables.kojibuilder
@@ -100,8 +100,10 @@
 # SSH
 -A INPUT -p tcp -m tcp -s 10.5.0.0/16 --dport 22 -j ACCEPT
 -A OUTPUT -p tcp -m tcp -d 10.5.0.0/16 --sport 22 -j ACCEPT
+-A INPUT -p tcp -m tcp -s 10.3.16.0/19 --dport 22 -j ACCEPT
+-A OUTPUT -p tcp -m tcp -d 10.3.16.0/19 --sport 22 -j ACCEPT
+
 {% if inventory_hostname.startswith (('buildvm-s390x-15', 'buildvm-s390x-16','buildvm-s390x-17')) %}
--A INPUT -p tcp -m tcp -s 10.3.0.0/16 --dport 22 -j ACCEPT
 # Allow SSHFS binding to koji01
 -A OUTPUT -p tcp -m tcp -d 10.5.125.61 --dport 22 -j ACCEPT
 -A OUTPUT -p tcp -m tcp -d 10.3.169.104 --dport 22 -j ACCEPT
@@ -236,8 +238,8 @@ COMMIT
 -A OUTPUT -p tcp -m tcp -d 10.3.163.39 --dport 514 -j ACCEPT
 
 # SSH
--A INPUT -p tcp -m tcp -s 10.3.0.0/16 --dport 22 -j ACCEPT
--A OUTPUT -p tcp -m tcp -d 10.3.0.0/16 --sport 22 -j ACCEPT
+-A INPUT -p tcp -m tcp -s 10.3.160.0/19 --dport 22 -j ACCEPT
+-A OUTPUT -p tcp -m tcp -d 10.3.160.0/19 --sport 22 -j ACCEPT
 {% if inventory_hostname.startswith (('buildvm-s390x-15', 'buildvm-s390x-16','buildvm-s390x-17')) %}
 # Allow SSHFS binding to koji01
 -A OUTPUT -p tcp -m tcp -d 10.3.169.104 --dport 22 -j ACCEPT
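Review bot: The source range `10.3.16.0/19` in the two rules added under the first `# SSH` block (hunk at -100) is not aligned to a /19 boundary and looks like a typo for `10.3.160.0/19`, the range the second hunk uses and the one that contains the 10.3.163.39 and 10.3.169.104 hosts referenced in this file. iptables normally masks off the host bits, so as written these rules would most likely match 10.3.0.0–10.3.31.255 rather than the intended range; if that reading is right, the lines should be `-A INPUT -p tcp -m tcp -s 10.3.160.0/19 --dport 22 -j ACCEPT` and `-A OUTPUT -p tcp -m tcp -d 10.3.160.0/19 --sport 22 -j ACCEPT`. The new rules also sit above the `{% if inventory_hostname.startswith (...) %}` guard, so inbound SSH from that range is accepted on every host rendered from this template rather than only on the three s390x builders the removed rule was limited to; if only the s390 hosts need it, the rules belong inside the conditional. A short comment naming the site the range belongs to, e.g. `# SSH from IAD2`, would make the intent auditable. The rule set this block belongs to starts and ends outside the hunk.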