Re: CHANGE Request: iptables on builders for ntp

Jon Stanley <jonstanley@xxxxxxxxx> · Mon, 17 May 2010 22:57:02 -0400



On Mon, May 17, 2010 at 10:49 PM, Dennis Gilmore <dennis@xxxxxxxx> wrote:
> we need to allow the builders to talk to the ntp servers to make sure they
> have correct time.
>
> diff --git a/manifests/servergroups/build.pp b/manifests/servergroups/build.pp
> index 0c222ef..181ce5c 100644
> --- a/manifests/servergroups/build.pp
> +++ b/manifests/servergroups/build.pp
> @@ -18,6 +18,10 @@ class build {
>         custom => [ '-A OUTPUT -d 127.0.0.0/8 -j ACCEPT',
>                 '-A OUTPUT -d 10.0.0.0/8 -j ACCEPT',
>                 '-A OUTPUT -d 209.132.176.0/24 -j ACCEPT',
> +                '-A OUTPUT -m udp -p udp -dport 123 -d 66.187.233.4 -j
> ACCEPT',
> +                '-A OUTPUT -m udp -p udp -dport 123 -d 192.43.244.18 -j
> ACCEPT',
> +                '-A OUTPUT -m udp -p udp -dport 123 -d 128.118.25.5 -j
> ACCEPT',
> +                '-A OUTPUT -m udp -p udp -dport 123 -d 204.152.184.72 -j
> ACCEPT',
>                 '-A OUTPUT -m tcp -p tcp -j REJECT',
>                 '-A OUTPUT -m udp -p udp -j REJECT' ]
>     }

+1
_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure