Allow kadmin

author Clinton Ebadi <clinton@unknownlamer.org>

Thu, 6 Dec 2012 07:53:48 +0000 (02:53 -0500)

committer Clinton Ebadi <clinton@unknownlamer.org>

Thu, 6 Dec 2012 07:53:48 +0000 (02:53 -0500)
author Clinton Ebadi <clinton@unknownlamer.org>
Thu, 6 Dec 2012 07:53:48 +0000 (02:53 -0500)
committer Clinton Ebadi <clinton@unknownlamer.org>
Thu, 6 Dec 2012 07:53:48 +0000 (02:53 -0500)
diff --git a/debian/changelog b/debian/changelog

index 68075f7..22c8571 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+hcoop-firewall-config (2) stable; urgency=low
+
+  * Allow outbound kadmin by default (to e.g. extract host keytab)
+
+ -- Clinton Ebadi <clinton@unknownlamer.org>  Thu, 06 Dec 2012 02:52:36 -0500
+
  hcoop-firewall-config (1) stable; urgency=low
  
    * Include service firewall rules Instead of a per-machine package, keep the ports with the service for now. Ideally domtool would handle all of this.
diff --git a/files/ferm.conf.hcoop b/files/ferm.conf.hcoop

index 12c90d7..a85e14d 100644 (file)
--- a/files/ferm.conf.hcoop
+++ b/files/ferm.conf.hcoop
@@ -47,6 +47,7 @@ table filter {
         proto tcp dport 1235 ACCEPT;
  
         proto (tcp udp) dport ( kerberos afs3-fileserver afs3-callback afs3-prserver afs3-vlserver afs3-volser afs3-errors afs3-bos ) ACCEPT;
+       proto tcp dport kerberos-adm ACCEPT;
  
         proto (tcp udp) dport ntp ACCEPT;
         proto (tcp udp) dport domain ACCEPT;
author	Clinton Ebadi <clinton@unknownlamer.org>
	Thu, 6 Dec 2012 07:53:48 +0000 (02:53 -0500)
committer	Clinton Ebadi <clinton@unknownlamer.org>
	Thu, 6 Dec 2012 07:53:48 +0000 (02:53 -0500)
debian/changelog		patch \| blob \| blame \| history
files/ferm.conf.hcoop		patch \| blob \| blame \| history