CHANGE Request: iptables on builders for ntp
Dennis Gilmore
dennis at ausil.us
Tue May 18 02:49:51 UTC 2010
we need to allow the builders to talk to the ntp servers to make sure they
have correct time.
diff --git a/manifests/servergroups/build.pp b/manifests/servergroups/build.pp
index 0c222ef..181ce5c 100644
--- a/manifests/servergroups/build.pp
+++ b/manifests/servergroups/build.pp
@@ -18,6 +18,10 @@ class build {
custom => [ '-A OUTPUT -d 127.0.0.0/8 -j ACCEPT',
'-A OUTPUT -d 10.0.0.0/8 -j ACCEPT',
'-A OUTPUT -d 209.132.176.0/24 -j ACCEPT',
+ '-A OUTPUT -m udp -p udp -dport 123 -d 66.187.233.4 -j
ACCEPT',
+ '-A OUTPUT -m udp -p udp -dport 123 -d 192.43.244.18 -j
ACCEPT',
+ '-A OUTPUT -m udp -p udp -dport 123 -d 128.118.25.5 -j
ACCEPT',
+ '-A OUTPUT -m udp -p udp -dport 123 -d 204.152.184.72 -j
ACCEPT',
'-A OUTPUT -m tcp -p tcp -j REJECT',
'-A OUTPUT -m udp -p udp -j REJECT' ]
}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
Url : http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20100517/02d97e99/attachment.bin
More information about the infrastructure
mailing list