From 1d7942e8ffdbb649d975e38dbbf282d28d87d902 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Thu, 15 Dec 2022 15:43:41 +0100
Subject: [dnbd3-proxy-mode/run-virt] Firewall: Whitelist dnbd3-servers if
 local caching is enabled

We patch the config to say 127.0.0.1 is the only dnbd3 server,
discarding the actually configured servers. This breaks the automatic
whitelisting of the dnbd3 servers/proxies if a vm/course has firewalling
enabled.
---
 core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall | 1 +
 1 file changed, 1 insertion(+)

(limited to 'core/modules/run-virt/data/opt/openslx')

diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall b/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall
index 51047a99..a1af17dc 100644
--- a/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall
+++ b/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall
@@ -77,6 +77,7 @@ add_ips "IN" "127.0.0.0/8" 0 "ACCEPT"
 add_ips "OUT" "127.0.0.0/8" 0 "ACCEPT"
 add_ips "OUT" "$SLX_DNS" 53 "ACCEPT"
 add_ips "OUT" "$SLX_DNBD3_SERVERS" 5003 "ACCEPT"
+add_ips "OUT" "$SLX_DNBD3_FALLBACK" 5003 "ACCEPT"
 add_ips "OUT" "$SLX_KCL_SERVERS $SLX_SERVER_IP" 0 "ACCEPT"
 
 # sssd
-- 
cgit v1.2.3-55-g7522