From aa3e21cb89fb3a42b6fbd1e5667d29315b84dded Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Tue, 24 Jun 2025 12:17:42 -0700
Subject: [PATCH] nftables / kojibuilder/rdu3: also allow proxy01/10.iad2
 external ips for kojipkgs there, fix after move

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/base/templates/nftables/nftables.kojibuilder | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/base/templates/nftables/nftables.kojibuilder b/roles/base/templates/nftables/nftables.kojibuilder
index e54e0167e1..19370379be 100644
--- a/roles/base/templates/nftables/nftables.kojibuilder
+++ b/roles/base/templates/nftables/nftables.kojibuilder
@@ -105,6 +105,8 @@ add rule ip filter OUTPUT ip daddr 10.16.163.35 tcp dport 443 counter accept
 # temp allow external iad2 infra until after the move
 add rule ip filter OUTPUT ip daddr 38.145.60.16 tcp dport  80 counter accept
 add rule ip filter OUTPUT ip daddr 38.145.60.16 tcp dport 443 counter accept
+add rule ip filter OUTPUT ip daddr 38.145.60.20 tcp dport 443 counter accept
+add rule ip filter OUTPUT ip daddr 38.145.60.21 tcp dport 443 counter accept
 
 # rsyslog out to log01
 add rule ip filter OUTPUT ip daddr 10.16.163.39 tcp dport 514 counter accept