From 44d2049be19a97c4b05c1998b8aff36a407eb914 Mon Sep 17 00:00:00 2001
From: Karol Babioch <kbabioch@suse.de>
Date: Nov 12 2019 14:34:57 +0000
Subject: Add public networks that are allowed to connect via SSH


This adds more public networks that will be allowed to connect via SSH.
The networks are ranges from SUSE and/or QSC.

---

diff --git a/pillar/id/slimhat_infra_opensuse_org.sls b/pillar/id/slimhat_infra_opensuse_org.sls
index ca89bf3..fd31347 100644
--- a/pillar/id/slimhat_infra_opensuse_org.sls
+++ b/pillar/id/slimhat_infra_opensuse_org.sls
@@ -41,7 +41,14 @@ firewalld:
         guarantee that we have public access to SSH in case VPN goes down, but
         without exposing SSH to the internet.
       sources:
-        - 195.135.221.151
+        # SUSE's public networks (Nuremberg)
+        - 195.135.220.0/24
+        - 195.135.221.0/24
+        # SUSE's public network (Prague)
+        - 213.151.88.128/25
+        # QSC public networks (i.e. widehat)
+        - 62.146.92.200/29
+        - 62.146.92.208/29
         # Backdoor of @kbabioch for the time being
         - 24.134.156.21
         # Backdoor of @rklein for the time being