From b8e6a8a4187099138453612c286cef1557cf8b40 Mon Sep 17 00:00:00 2001
From: toby
Date: Fri, 5 Apr 2019 00:17:39 +0000
Subject: [PATCH] doh, ipv6 we want not ipv4 ;)
---
 files/firewall | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/files/firewall b/files/firewall
index 046e349..4fdf127 100755
--- a/files/firewall
+++ b/files/firewall
@@ -32,7 +32,6 @@ case $1 in
 iptables -A INPUT -m policy --pol ipsec --dir in -m multiport -p tcp --sports 6800:7300 -j ACCEPT -m comment --comment "ceph osd traffic"
 iptables -A INPUT -m policy --pol ipsec --dir in -p tcp --dport 6789 -j ACCEPT -m comment --comment "ceph mon traffic"
 iptables -A INPUT -m policy --pol ipsec --dir in -p tcp --sport 6789 -j ACCEPT -m comment --comment "ceph mon traffic"
- iptables -A INPUT -m policy --pol ipsec --dir in -p tcp --sport 4000 -j ACCEPT -m comment --comment "stackapi traffic"
 iptables -A INPUT -m policy --pol ipsec --dir in -p udp --dport 4789 -j ACCEPT -m comment --comment "vxlan traffic"
 iptables -A INPUT -m policy --pol ipsec --dir in -p udp --sport 123 -j ACCEPT -m comment --comment "ntp replies for anything over the VPN"
 iptables -A INPUT -m policy --pol ipsec --dir in -p udp --sport 53 -j ACCEPT -m comment --comment "dns replies from anything over the VPN"
@@ -105,7 +104,8 @@ case $1 in
 ip6tables -A INPUT -m policy --pol ipsec --dir in -p tcp --dport 22 -j ACCEPT -m comment --comment "ssh if coming over the VPN"
 ip6tables -A INPUT -m policy --pol ipsec --dir in -p udp --sport 53 -j ACCEPT -m comment --comment "dns replies from anything over the VPN"
 ip6tables -A INPUT -m policy --pol ipsec --dir in -p udp --sport 123 -j ACCEPT -m comment --comment "ntp if coming over the VPN"
- ip6tables -A INPUT -m policy --pol ipsec --dir in -p tcp --sport 2379 -j ACCEPT -m comment --comment "etcd replies from stackapi"
+ #ip6tables -A INPUT -m policy --pol ipsec --dir in -p tcp --sport 2379 -j ACCEPT -m comment --comment "etcd replies from stackapi"
+ ip6tables -A INPUT -m policy --pol ipsec --dir in -p tcp --sport 4000 -j ACCEPT -m comment --comment "stackapi replies"
 ip6tables -A INPUT -m policy --pol ipsec --dir in -m multiport -p tcp --dports 49152:49215 -j ACCEPT -m comment --comment "libvirt live migration"
 ip6tables -A INPUT -m policy --pol ipsec --dir in -m multiport -p tcp --sports 49152:49215 -j ACCEPT -m comment --comment "libvirt live migration"
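Review bot: The added `--sport 4000` rule accepts on source port alone, so it admits any TCP packet arriving over IPsec with source port 4000, to any local port and in any connection state, not only replies to connections this host opened to stackapi. Since the comment calls these replies, tie the rule to connection tracking, e.g. `ip6tables -A INPUT -m policy --pol ipsec --dir in -p tcp --sport 4000 -m conntrack --ctstate ESTABLISHED -j ACCEPT -m comment --comment "stackapi replies"`, assuming the conntrack match is available on these hosts. The etcd rule is left commented out with no reason given; either delete it or add a one-line comment saying why it is disabled. The enclosing `case $1 in` block starts and ends outside the hunk, and the trailing context appears one line short of the header's count, so later rules are not visible here.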