| |
@@ -30,48 +30,47 @@
|
| |
|
| |
# Now insert access to allowed boxes
|
| |
# docker-registry
|
| |
- iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.125.56 --dport 443 -j ACCEPT
|
| |
+ #iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.125.56 --dport 443 -j ACCEPT
|
| |
|
| |
#koji.fp.o
|
| |
- iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.125.61 --dport 80 -j ACCEPT
|
| |
- iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.125.61 --dport 443 -j ACCEPT
|
| |
+ iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.169.104 --dport 80 -j ACCEPT
|
| |
+ iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.169.104 --dport 443 -j ACCEPT
|
| |
|
| |
# pkgs
|
| |
- iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.125.44 --dport 80 -j ACCEPT
|
| |
- iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.125.44 --dport 443 -j ACCEPT
|
| |
- iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.125.44 --dport 9418 -j ACCEPT
|
| |
+ iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.169.116 --dport 80 -j ACCEPT
|
| |
+ iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.169.116 --dport 443 -j ACCEPT
|
| |
+ iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.169.116 --dport 9418 -j ACCEPT
|
| |
|
| |
# DNS
|
| |
- iptables -A FILTER_FORWARD -p udp -m udp -d 10.5.126.21 --dport 53 -j ACCEPT
|
| |
- iptables -A FILTER_FORWARD -p udp -m udp -d 10.5.126.22 --dport 53 -j ACCEPT
|
| |
+ iptables -A FILTER_FORWARD -p udp -m udp -d 10.3.163.33 --dport 53 -j ACCEPT
|
| |
+ iptables -A FILTER_FORWARD -p udp -m udp -d 10.3.163.33 --dport 53 -j ACCEPT
|
| |
|
| |
# mirrors.fp.o
|
| |
- iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.8 --dport 443 -j ACCEPT
|
| |
- iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.9 --dport 443 -j ACCEPT
|
| |
- iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.51 --dport 443 -j ACCEPT
|
| |
- iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.52 --dport 443 -j ACCEPT
|
| |
+ iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.163.76 --dport 443 -j ACCEPT
|
| |
+ iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.163.77 --dport 443 -j ACCEPT
|
| |
+ iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.163.75 --dport 443 -j ACCEPT
|
| |
+ iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.163.74 --dport 443 -j ACCEPT
|
| |
|
| |
# infrastructure.fp.o (infra repos)
|
| |
- iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.23 --dport 443 -j ACCEPT
|
| |
+ iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.163.35 --dport 443 -j ACCEPT
|
| |
|
| |
# Kerberos
|
| |
- iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.8 --dport 1088 -j ACCEPT
|
| |
- iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.9 --dport 1088 -j ACCEPT
|
| |
- iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.51 --dport 1088 -j ACCEPT
|
| |
- iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.52 --dport 1088 -j ACCEPT
|
| |
+ iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.163.76 --dport 1088 -j ACCEPT
|
| |
+ iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.163.77 --dport 1088 -j ACCEPT
|
| |
+ iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.163.75 --dport 1088 -j ACCEPT
|
| |
+ iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.163.74 --dport 1088 -j ACCEPT
|
| |
|
| |
# dl.phx2
|
| |
- iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.93 --dport 80 -j ACCEPT
|
| |
- iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.93 --dport 443 -j ACCEPT
|
| |
- iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.94 --dport 80 -j ACCEPT
|
| |
- iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.94 --dport 443 -j ACCEPT
|
| |
- iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.95 --dport 80 -j ACCEPT
|
| |
- iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.95 --dport 443 -j ACCEPT
|
| |
- iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.96 --dport 80 -j ACCEPT
|
| |
- iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.96 --dport 443 -j ACCEPT
|
| |
- iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.97 --dport 80 -j ACCEPT
|
| |
- iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.97 --dport 443 -j ACCEPT
|
| |
-
|
| |
+ iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.163.49 --dport 80 -j ACCEPT
|
| |
+ iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.163.49 --dport 443 -j ACCEPT
|
| |
+ iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.163.50 --dport 80 -j ACCEPT
|
| |
+ iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.163.50 --dport 443 -j ACCEPT
|
| |
+ iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.163.51 --dport 80 -j ACCEPT
|
| |
+ iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.163.51 --dport 443 -j ACCEPT
|
| |
+ iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.163.85 --dport 80 -j ACCEPT
|
| |
+ iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.163.85 --dport 443 -j ACCEPT
|
| |
+ iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.163.84 --dport 80 -j ACCEPT
|
| |
+ iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.3.163.84 --dport 443 -j ACCEPT
|
| |
|
| |
# Docker is CRAZY and forces Google DNS upon us.....
|
| |
iptables -A FILTER_FORWARD -p udp -m udp -d 8.8.8.8 --dport 53 -j ACCEPT
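Review bot: The two added DNS rules are identical, both `-d 10.3.163.33 --dport 53`, whereas the lines they replace allowed two distinct resolvers (10.5.126.21 and 10.5.126.22). Because the first `-A ... -j ACCEPT` rule already matches, the second is never reached, leaving one internal resolver, with the public 8.8.8.8 rule at the end of the hunk as the only other permitted DNS destination. If the new network has a second resolver, the second line should read `iptables -A FILTER_FORWARD -p udp -m udp -d <second-resolver-ip> --dport 53 -j ACCEPT` (placeholder; the address is not shown on this page); otherwise drop the duplicate. Separately, the docker-registry rule is commented out rather than migrated or deleted, so a line such as `# docker-registry: disabled, <reason / follow-up>` above it would tell the next reader whether this is temporary. The script this hunk belongs to begins and continues outside the hunk.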
|
| |
We should update that comment to replace phx2 with iad2.