From ef09f84a991425cad193e614a69b5d3f9b87bbba Mon Sep 17 00:00:00 2001
From: Patrik Holmqvist <pahol@sunet.se>
Date: Wed, 2 Apr 2025 14:03:24 +0200
Subject: [PATCH] Lock down syslog port for log-qa, SC2522

---
 global/overlay/etc/puppet/cosmos-rules.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index 84603a74..9b19c6e8 100644
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -1270,6 +1270,11 @@ log-qa-sto1-1.komreg.net:
       url: http://127.0.0.1:9999/telegraf
    sunet::rsyslog:
       udp_port: 514
+      udp_client:
+         - 89.47.185.121/32          # proxy-qa-sto1-1.komreg.net
+         - 2001:6b0:5a:4020::ea/128  # proxy-qa-sto1-1.komreg.net
+         - 89.47.184.242/32          # connector-qa-sto1-1.komreg.net
+         - 2001:6b0:5a:4020::12b/128 # connector-qa-sto1-1.komreg.net
    eid::log:
 
 proxy-qa-sto1-1.komreg.net: