From ca95a31f7a04298691aedb42269b65084e2d4e86 Mon Sep 17 00:00:00 2001
From: Jonathan Cobb
Date: Thu, 17 Sep 2020 12:18:06 -0400
Subject: [PATCH] re-enable proper ssh port in iptables after algo overwrites
---
 .../ansible/roles/algo/tasks/algo_firewall.yml | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/bubble-server/src/main/resources/ansible/roles/algo/tasks/algo_firewall.yml b/bubble-server/src/main/resources/ansible/roles/algo/tasks/algo_firewall.yml
index 145c7cbb..90204f31 100644
--- a/bubble-server/src/main/resources/ansible/roles/algo/tasks/algo_firewall.yml
+++ b/bubble-server/src/main/resources/ansible/roles/algo/tasks/algo_firewall.yml
@@ -3,7 +3,7 @@
 #
 # Insert additional firewall rules to allow required services to function
 # Insert them all on rule_num 5, and insert them in reverse order here:
-- name: Allow SSH
+- name: Allow SSH tarpit
 iptables:
 chain: INPUT
 protocol: tcp
@@ -11,6 +11,17 @@
 ctstate: NEW
 syn: match
 jump: ACCEPT
+ comment: Accept new SSH tarpit connections
+ become: yes
+
+- name: Allow SSH
+ iptables:
+ chain: INPUT
+ protocol: tcp
+ destination_port: 1202
+ ctstate: NEW
+ syn: match
+ jump: ACCEPT
 comment: Accept new SSH connections
 become: yes
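Review bot: The new `Allow SSH` task in the second hunk hard-codes `destination_port: 1202`, so the firewall rule and the port sshd actually listens on can drift apart silently, and a mismatch would cut off management access once algo has rewritten the rules. Take the port from the same variable that drives the sshd configuration, e.g. `destination_port: "{{ ssh_port }}"` (placeholder name; use whatever the role already defines), or at least add a comment such as `# must match the Port setting in sshd_config`. The renamed `Allow SSH tarpit` task keeps its `destination_port` on a line outside both hunks, so confirm it still names the tarpit port and not the real one. Neither task shows `action: insert` or `rule_num` in the visible lines, although the file header says these rules are inserted at rule_num 5; if that is not set elsewhere the module appends, and the position of the new ACCEPT relative to algo's own rules should be checked.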