From d0c938a7e996ae5479254ad11a2f1700f0bf8367 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@redhat.com>
Date: Sat, 12 Aug 2017 01:02:05 +0000
Subject: Open firewall enough from s390x-01 for sshfs

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---
 roles/base/templates/iptables/iptables.kojibuilder | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/roles/base/templates/iptables/iptables.kojibuilder b/roles/base/templates/iptables/iptables.kojibuilder
index a24963309..2a88ac806 100644
--- a/roles/base/templates/iptables/iptables.kojibuilder
+++ b/roles/base/templates/iptables/iptables.kojibuilder
@@ -77,6 +77,10 @@
 # SSH
 -A INPUT -p tcp -m tcp -s 10.5.0.0/16 --dport 22 -j ACCEPT 
 -A OUTPUT -p tcp -m tcp -d 10.5.0.0/16 --sport 22  -j ACCEPT
+{% if inventory_hostname == "buildvm-s390x-01.s390.fedoraproject.org" %}
+# Allow SSHFS binding to koji01
+-A OUTPUT -p tcp -m tcp -d 10.5.125.61 --dport 22  -j ACCEPT
+{% endif %}
 
 # git to pkgs
 -A OUTPUT -m tcp -p tcp --dport 9418 -d 10.5.125.44 -j ACCEPT
-- 
cgit