Updated ifg.in (allow ws.pm <-> fdc.in connection).

author Zoltán Felleg <zoltan.felleg@userrendszerhaz.hu>

Tue, 12 Jul 2022 13:43:50 +0000 (15:43 +0200)

committer Zoltán Felleg <zoltan.felleg@userrendszerhaz.hu>

Tue, 12 Jul 2022 13:43:50 +0000 (15:43 +0200)
author Zoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
Tue, 12 Jul 2022 13:43:50 +0000 (15:43 +0200)
committer Zoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
Tue, 12 Jul 2022 13:43:50 +0000 (15:43 +0200)
diff --git a/sources/ifg.in/c3d/firstboot/data/nftables.config b/sources/ifg.in/c3d/firstboot/data/nftables.config

index 204b128a42cc631ab6e8bed02ee61ea975216c85..d49cd48ae1041bf41c4e219330e329eb26de8e04 100644 (file)
--- a/sources/ifg.in/c3d/firstboot/data/nftables.config
+++ b/sources/ifg.in/c3d/firstboot/data/nftables.config
@@ -105,6 +105,10 @@ define MINICRM_INTERNAL_IPV4 = 10.228.109.133
  define FDS_INTERNAL_IPV4 = 10.228.109.83
  define FDS_INTERNAL_IPV6 = 2a02:d400:0000:f268:000c:18ff:fe03:6d53
  
+# fedora directory client address (internal network)
+define FDC_INTERNAL_IPV4 = 10.228.109.67
+define FDC_INTERNAL_IPV6 = 2a02:d400:0000:f268:000c:18ff:fe03:6d43
+
  # name server 2 address (internal network)
  define NS2_INTERNAL_IPV4 = 10.228.92.159
  define NS2_INTERNAL_IPV6 = 2a02:d400:0000:f268:000c:18ff:fe03:5c9f
@@ -317,29 +321,33 @@ add rule ip ifg-filter forward \
      ip protocol tcp \
      iifname $PERIMETER_IF ip saddr $WS_PERIMETER_IPV4 tcp sport 1024-65535 \
      oifname $INTERNAL_IF ip daddr { $DVREDMINE_INTERNAL_IPV4, \
+                                    $FDC_INTERNAL_IPV4, \
                                      $STORE_INTERNAL_IPV4, \
                                      $WIKI_INTERNAL_IPV4 } tcp dport http \
-    counter accept comment "Redmine, store and wiki requests"
+    counter accept comment "Fdc, redmine, store and wiki requests"
  add rule ip6 ifg-filter forward \
      iifname $PERIMETER_IF ip6 saddr $WS_PERIMETER_IPV6 tcp sport 1024-65535 \
-    oifname $INTERNAL_IF ip6 daddr { $STORE_INTERNAL_IPV6, \
+    oifname $INTERNAL_IF ip6 daddr { $FDC_INTERNAL_IPV6, \
+                                     $STORE_INTERNAL_IPV6, \
                                       $WIKI_INTERNAL_IPV6 } tcp dport http \
-    counter accept comment "Store and wiki requests"
+    counter accept comment "Fdc, store and wiki requests"
  
  add rule ip ifg-filter forward \
      ct state established \
      ip protocol tcp \
      iifname $INTERNAL_IF ip saddr { $DVREDMINE_INTERNAL_IPV4, \
+                                    $FDC_INTERNAL_IPV4, \
                                      $STORE_INTERNAL_IPV4, \
                                      $WIKI_INTERNAL_IPV4 } tcp sport http \
      oifname $PERIMETER_IF ip daddr $WS_PERIMETER_IPV4 tcp dport 1024-65535 \
-    counter accept comment "Redmine, store and wiki replies"
+    counter accept comment "Fdc, redmine, store and wiki replies"
  add rule ip6 ifg-filter forward \
      ct state established \
-    iifname $INTERNAL_IF ip6 saddr { $STORE_INTERNAL_IPV6, \
+    iifname $INTERNAL_IF ip6 saddr { $FDC_INTERNAL_IPV6, \
+                                     $STORE_INTERNAL_IPV6, \
                                       $WIKI_INTERNAL_IPV6 } tcp sport http \
      oifname $PERIMETER_IF ip6 daddr $WS_PERIMETER_IPV6 tcp dport 1024-65535 \
-    counter accept comment "Store and wiki replies"
+    counter accept comment "Fdc, store and wiki replies"
  
  add rule ip ifg-filter forward \
      ip protocol tcp \
author	Zoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
	Tue, 12 Jul 2022 13:43:50 +0000 (15:43 +0200)
committer	Zoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
	Tue, 12 Jul 2022 13:43:50 +0000 (15:43 +0200)