From 30eecc7f51618169aa5534c11d848283c21aa94c Mon Sep 17 00:00:00 2001
From: toby
Date: Thu, 4 Apr 2019 23:35:07 +0000
Subject: [PATCH] allowing stackapi traffic over the VPN

---
 files/firewall | 1 +
 1 file changed, 1 insertion(+)

diff --git a/files/firewall b/files/firewall
index 6c4f95a..046e349 100755
--- a/files/firewall
+++ b/files/firewall
@@ -32,6 +32,7 @@ case $1 in
 iptables -A INPUT -m policy --pol ipsec --dir in -m multiport -p tcp --sports 6800:7300 -j ACCEPT -m comment --comment "ceph osd traffic"
 iptables -A INPUT -m policy --pol ipsec --dir in -p tcp --dport 6789 -j ACCEPT -m comment --comment "ceph mon traffic"
 iptables -A INPUT -m policy --pol ipsec --dir in -p tcp --sport 6789 -j ACCEPT -m comment --comment "ceph mon traffic"
+ iptables -A INPUT -m policy --pol ipsec --dir in -p tcp --sport 4000 -j ACCEPT -m comment --comment "stackapi traffic"
 iptables -A INPUT -m policy --pol ipsec --dir in -p udp --dport 4789 -j ACCEPT -m comment --comment "vxlan traffic"
 iptables -A INPUT -m policy --pol ipsec --dir in -p udp --sport 123 -j ACCEPT -m comment --comment "ntp replies for anything over the VPN"
 iptables -A INPUT -m policy --pol ipsec --dir in -p udp --sport 53 -j ACCEPT -m comment --comment "dns replies from anything over the VPN"
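Review bot: The added rule accepts any inbound TCP packet arriving over the IPsec policy whose source port is 4000, with no `--dport` and no connection-state match, so it admits traffic to every local TCP listener from any VPN peer that happens to use that source port rather than only stackapi replies. If this host is the stackapi client, the reply direction is better expressed statefully, e.g. `iptables -A INPUT -m policy --pol ipsec --dir in -p tcp --sport 4000 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT -m comment --comment "stackapi replies over the VPN"`; if it is the server, the match should be `--dport 4000` instead. The neighbouring ceph mon `--sport 6789` rule has the same shape, but it is pre-existing and out of scope here. The comment string could also follow the "… replies … over the VPN" wording used by the ntp and dns rules so the intended direction is visible. The `case $1 in` body this hunk sits in starts and ends outside the hunk.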