cut down the list of hosts external

author: Stephen Smoogen <smooge@redhat.com> 2017-06-23 19:19:18 +0000
committer: Stephen Smoogen <smooge@redhat.com> 2017-06-23 19:19:18 +0000
commit: 06be05edfb3ee46acfc4989429c1aff008c2c159 (patch)
tree: a2bbef6146a4c096413e62176089c48d293c59ec /roles/base
parent: af858685267a89982e9db8e2e95451752fd8b425 (diff)
download: ansible-06be05edfb3ee46acfc4989429c1aff008c2c159.tar.gz
ansible-06be05edfb3ee46acfc4989429c1aff008c2c159.tar.xz
ansible-06be05edfb3ee46acfc4989429c1aff008c2c159.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/roles/base/templates/iptables/ip6tables b/roles/base/templates/iptables/ip6tables
index 778599abc..921435cd0 100644
--- a/roles/base/templates/iptables/ip6tables
+++ b/roles/base/templates/iptables/ip6tables
@@ -27,6 +27,9 @@
 # allow ssh - always
 -A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT
 
+# for nrpe (if we want noc02 to be able to get into remote systems)
+#-A INPUT -p tcp -m tcp --dport 5666 -s 2610:28:3090:3001:dead:beef:cafe:fed9 -j ACCEPT
+
 # if the host/group defines incoming tcp_ports - allow them
 {% if tcp_ports is defined %}
 {% for port in tcp_ports %}
author	Stephen Smoogen <smooge@redhat.com>	2017-06-23 19:19:18 +0000
committer	Stephen Smoogen <smooge@redhat.com>	2017-06-23 19:19:18 +0000
commit	06be05edfb3ee46acfc4989429c1aff008c2c159 (patch)
tree	a2bbef6146a4c096413e62176089c48d293c59ec /roles/base
parent	af858685267a89982e9db8e2e95451752fd8b425 (diff)
download	ansible-06be05edfb3ee46acfc4989429c1aff008c2c159.tar.gz ansible-06be05edfb3ee46acfc4989429c1aff008c2c159.tar.xz ansible-06be05edfb3ee46acfc4989429c1aff008c2c159.zip