From 37abcba778841e78043b656d055562732fecd86e Mon Sep 17 00:00:00 2001
From: Stephen Smoogen <smooge@redhat.com>
Date: Tue, 18 Feb 2020 19:53:28 +0000
Subject: [PATCH] [storinator] when adding hosts to mount a service make sure
 the firewall allows it in

---
 .../storinator01.fedorainfracloud.org         | 21 ++++++++++++-------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/inventory/host_vars/storinator01.fedorainfracloud.org b/inventory/host_vars/storinator01.fedorainfracloud.org
index fd25f99856..a6da78c373 100644
--- a/inventory/host_vars/storinator01.fedorainfracloud.org
+++ b/inventory/host_vars/storinator01.fedorainfracloud.org
@@ -27,18 +27,23 @@ udp_ports_eth1: [ 111, 2049 ]
 
 custom_rules: [ 
                 '-A INPUT -p tcp -m tcp -i eth0 -s 209.132.184.163 --dport 111 -j ACCEPT', 
-                '-A INPUT -p tcp -m tcp -i eth0 -s 209.132.184.179 --dport 111 -j ACCEPT', 
-                '-A INPUT -p tcp -m tcp -i eth0 -s 209.132.184.163 --dport 2049 -j ACCEPT', 
-                '-A INPUT -p tcp -m tcp -i eth0 -s 209.132.184.179 --dport 2049 -j ACCEPT', 
                 '-A INPUT -p tcp -m tcp -i eth0 -s 209.132.184.163 --dport 20048 -j ACCEPT', 
+                '-A INPUT -p tcp -m tcp -i eth0 -s 209.132.184.163 --dport 2049 -j ACCEPT', 
+                '-A INPUT -p tcp -m tcp -i eth0 -s 209.132.184.179 --dport 111 -j ACCEPT', 
                 '-A INPUT -p tcp -m tcp -i eth0 -s 209.132.184.179 --dport 20048 -j ACCEPT', 
-                '-A INPUT -p udp -m udp -i eth0 -s 209.132.184.163 --dport 111 -j ACCEPT', 
-                '-A INPUT -p udp -m udp -i eth0 -s 209.132.184.179 --dport 111 -j ACCEPT', 
-                '-A INPUT -p udp -m udp -i eth0 -s 209.132.184.163 --dport 2049 -j ACCEPT', 
-                '-A INPUT -p udp -m udp -i eth0 -s 209.132.184.179 --dport 2049 -j ACCEPT', 
+                '-A INPUT -p tcp -m tcp -i eth0 -s 209.132.184.179 --dport 2049 -j ACCEPT', 
+                '-A INPUT -p tcp -m tcp -i eth0 -s 209.132.184.48  --dport 111 -j ACCEPT', 
+                '-A INPUT -p tcp -m tcp -i eth0 -s 209.132.184.48  --dport 20048 -j ACCEPT', 
+                '-A INPUT -p tcp -m tcp -i eth0 -s 209.132.184.48  --dport 2049 -j ACCEPT', 
                 '-A INPUT -p tcp -m tcp -i eth0 -s 38.145.48.11/27 --dport 111 -j ACCEPT',
-                '-A INPUT -p tcp -m tcp -i eth0 -s 38.145.48.11/27 --dport 2049 -j ACCEPT',
                 '-A INPUT -p tcp -m tcp -i eth0 -s 38.145.48.11/27 --dport 20048 -j ACCEPT',
+                '-A INPUT -p tcp -m tcp -i eth0 -s 38.145.48.11/27 --dport 2049 -j ACCEPT',
+                '-A INPUT -p udp -m udp -i eth0 -s 209.132.184.163 --dport 111 -j ACCEPT', 
+                '-A INPUT -p udp -m udp -i eth0 -s 209.132.184.163 --dport 2049 -j ACCEPT', 
+                '-A INPUT -p udp -m udp -i eth0 -s 209.132.184.179 --dport 111 -j ACCEPT', 
+                '-A INPUT -p udp -m udp -i eth0 -s 209.132.184.179 --dport 2049 -j ACCEPT', 
+                '-A INPUT -p udp -m udp -i eth0 -s 209.132.184.48 --dport 111 -j ACCEPT', 
+                '-A INPUT -p udp -m udp -i eth0 -s 209.132.184.48 --dport 2049 -j ACCEPT', 
                 '-A INPUT -p udp -m udp -i eth0 -s 38.145.48.11/27 --dport 111 -j ACCEPT',
                 '-A INPUT -p udp -m udp -i eth0 -s 38.145.48.11/27 --dport 2049 -j ACCEPT',
 ]