Allow ntp from internal phx2 10 nets to bastion servers.

2026-04-29 04:51:16 +08:00 · 2015-12-08 19:30:30 +00:00
parent 9511bfe231
commit 4e49aac830
1 changed files with 2 additions and 0 deletions
--- a/inventory/group_vars/bastion
+++ b/inventory/group_vars/bastion
@@ -12,9 +12,11 @@ udp_ports: [ 1194 ]

 #
 # drop incoming traffic from less trusted vpn hosts
+# allow ntp from internal phx2 10 nets
 #
 custom_rules: [
    '-A INPUT -s 192.168.100/24 -j REJECT --reject-with icmp-host-prohibited',
+    '-A INPUT -s 10.0.0.0/8 -p udp -m udp --dport 123 -j ACCEPT',
 ]
 #
 # allow a bunch of sysadmin groups here so they can access internal stuff