From 39cdb85c092ed8cce11e5e8abb81b3f0583a7b36 Mon Sep 17 00:00:00 2001
From: Stephen Smoogen
Date: Jul 22 2020 15:07:46 +0000
Subject: went looking for 10.5.12 firewall entries in case firewall blockage on mbs. These are different ones.
---
diff --git a/inventory/group_vars/proxies b/inventory/group_vars/proxies
index d43ec39..34b213c 100644
--- a/inventory/group_vars/proxies
+++ b/inventory/group_vars/proxies
@@ -51,20 +51,13 @@ custom_rules: [
 # also allow varnish from internal for purge requests
 '-A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 6081 -j ACCEPT',
- '-A INPUT -p tcp -m tcp -s 10.5.126.0/24 --dport 6081 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 10.3.163.0/24 --dport 6081 -j ACCEPT',
 # Allow happinesspackets.fedorainfracloud.org to talk to inbound fedmsg relay.
 '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.184.58 -j ACCEPT',
- # Allow retrace/faf to talk to the inbound fedmsg relay.
- # retrace01.qa.fedoraproject.org
- '-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.124.171 -j ACCEPT',
- # retrace02.qa.fedoraproject.org
- '-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.124.172 -j ACCEPT',
- # Allow resultsdb talk to the inbound fedmsg relay.
- '-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.124.207 -j ACCEPT',
- # Allow openqa01 to talk to the inbound fedmsg relay.
- '-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.131.71 -j ACCEPT',
+ # Allow openqa01 to talk to the inbound fedmsg relay.
+ '-A INPUT -p tcp -m tcp --dport 9941 -s 10.3.174.0/24 -j ACCEPT',
 # For Zanata
 # See files/httpd/website_id_fp_o_zanata.conf for info
diff --git a/inventory/group_vars/rabbitmq b/inventory/group_vars/rabbitmq
index c86bf10..1faf3e8 100644
--- a/inventory/group_vars/rabbitmq
+++ b/inventory/group_vars/rabbitmq
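Review bot: The added port 9941 rule admits all of 10.3.174.0/24 to the inbound fedmsg relay, although the comment above it still says "Allow openqa01" and the rule it replaces matched the single address 10.5.131.71. The per-host entries for retrace01, retrace02 and resultsdb are removed in the same hunk with no named replacement, so from here it is not visible whether those senders are meant to be covered by the /24 or are no longer expected to publish. If only known hosts should reach the relay, keep one `-s <host address>` rule per sender with its hostname comment; if the subnet-wide allow is intended, reword the comment to say so, e.g. `# Allow 10.3.174.0/24 (<network name>) to talk to the inbound fedmsg relay.` The custom_rules list starts before and continues past this hunk.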
@@ -24,13 +24,9 @@ tcp_ports: [
 custom_rules: [
 # Neeed for rsync from log01 for logs.
- '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
 '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT',
 '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
 # Inter-node traffic
- '-A INPUT -p tcp -m tcp -s 10.5.126.74 --dport 25672 -j ACCEPT',
- '-A INPUT -p tcp -m tcp -s 10.5.126.75 --dport 25672 -j ACCEPT',
- '-A INPUT -p tcp -m tcp -s 10.5.126.76 --dport 25672 -j ACCEPT',
 '-A INPUT -p tcp -m tcp -s 10.3.163.78 --dport 25672 -j ACCEPT',
 '-A INPUT -p tcp -m tcp -s 10.3.163.79 --dport 25672 -j ACCEPT',
 '-A INPUT -p tcp -m tcp -s 10.3.163.80 --dport 25672 -j ACCEPT',