From e5e1f1838c97d53c4c53930bea9031319d3cdb5e Mon Sep 17 00:00:00 2001
From: Clinton Ebadi <clinton@unknownlamer.org>
Date: Sat, 15 Dec 2012 22:46:13 -0500
Subject: [PATCH] Open database ports for all nodes, at least for now.

---
 files/ferm.conf.hcoop | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/files/ferm.conf.hcoop b/files/ferm.conf.hcoop
index 3a6b659..56da7a3 100644
--- a/files/ferm.conf.hcoop
+++ b/files/ferm.conf.hcoop
@@ -58,6 +58,11 @@ table filter {
 	# access. We'll leave that for the wheezy machines.
 	proto tcp dport smtp daddr mail.hcoop.net ACCEPT;
 
+	# At least for now, open ports to database servers. If dbtool
+	# adduser could also add firewall rules, that would be better.
+	proto (tcp udp) dport mysql daddr mysql.hcoop.net ACCEPT;
+	proto (tcp udp) dport (postgresql 5433) daddr postgres.hcoop.net ACCEPT;
+
         # root needs port 80 for things like apt-get
 	mod owner uid-owner 0 { proto (tcp) dport (http https) ACCEPT; }
 
-- 
2.20.1