From 104adac93f0594ac4620ef1f5acad6d0149a06c3 Mon Sep 17 00:00:00 2001
From: Karol Babioch <kbabioch@suse.de>
Date: Nov 12 2019 14:49:17 +0000
Subject: Merge branch 'slimhat-firewall' into 'production'


Adaptations to firewall of slimhat

See merge request infra/salt!280
---

diff --git a/pillar/id/slimhat_infra_opensuse_org.sls b/pillar/id/slimhat_infra_opensuse_org.sls
index ca89bf3..e8610f8 100644
--- a/pillar/id/slimhat_infra_opensuse_org.sls
+++ b/pillar/id/slimhat_infra_opensuse_org.sls
@@ -41,7 +41,14 @@ firewalld:
         guarantee that we have public access to SSH in case VPN goes down, but
         without exposing SSH to the internet.
       sources:
-        - 195.135.221.151
+        # SUSE's public networks (Nuremberg)
+        - 195.135.220.0/24
+        - 195.135.221.0/24
+        # SUSE's public network (Prague)
+        - 213.151.88.128/25
+        # QSC public networks (i.e. widehat)
+        - 62.146.92.200/29
+        - 62.146.92.208/29
         # Backdoor of @kbabioch for the time being
         - 24.134.156.21
         # Backdoor of @rklein for the time being
@@ -52,8 +59,6 @@ firewalld:
     # interface or sources and without any service declared.
     public:
       short: Public
-      services:
-        - ssh
     internal:
       short: Internal
     work: