WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-03-20 03:57:02 +08:00
Code Issues Packages Projects Releases Wiki Activity

Also allow dns out

Browse Source 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
This commit is contained in:
Patrick Uiterwijk
2018-01-11 23:02:44 +00:00
parent cc859650e0
commit f94a5f94cd
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
roles/base/templates/iptables/iptables.mm-frontend-checkin01.phx2.fedoraproject.org
View File

@@ -30,6 +30,12 @@
# Allow connection to the database
-A OUTPUT --dst 10.5.126.71 -p tcp -m tcp --dport 5432 -j ACCEPT
# Allow DNS
-A OUTPUT --dst 10.5.126.21 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT --dst 10.5.126.21 -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT --dst 10.5.126.22 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT --dst 10.5.126.22 -p tcp -m tcp --dport 53 -j ACCEPT
# otherwise kick everything out
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited