Open database ports for all nodes, at least for now.

author Clinton Ebadi <clinton@unknownlamer.org>

Sun, 16 Dec 2012 03:46:13 +0000 (22:46 -0500)

committer Clinton Ebadi <clinton@unknownlamer.org>

Sun, 16 Dec 2012 03:46:13 +0000 (22:46 -0500)
author Clinton Ebadi <clinton@unknownlamer.org>
Sun, 16 Dec 2012 03:46:13 +0000 (22:46 -0500)
committer Clinton Ebadi <clinton@unknownlamer.org>
Sun, 16 Dec 2012 03:46:13 +0000 (22:46 -0500)
diff --git a/files/ferm.conf.hcoop b/files/ferm.conf.hcoop

index 3a6b659..56da7a3 100644 (file)
--- a/files/ferm.conf.hcoop
+++ b/files/ferm.conf.hcoop
@@ -58,6 +58,11 @@ table filter {
         # access. We'll leave that for the wheezy machines.
         proto tcp dport smtp daddr mail.hcoop.net ACCEPT;
  
+       # At least for now, open ports to database servers. If dbtool
+       # adduser could also add firewall rules, that would be better.
+       proto (tcp udp) dport mysql daddr mysql.hcoop.net ACCEPT;
+       proto (tcp udp) dport (postgresql 5433) daddr postgres.hcoop.net ACCEPT;
+
          # root needs port 80 for things like apt-get
         mod owner uid-owner 0 { proto (tcp) dport (http https) ACCEPT; }
author	Clinton Ebadi <clinton@unknownlamer.org>
	Sun, 16 Dec 2012 03:46:13 +0000 (22:46 -0500)
committer	Clinton Ebadi <clinton@unknownlamer.org>
	Sun, 16 Dec 2012 03:46:13 +0000 (22:46 -0500)