From 607aabc880a37a06fc2b80a93cf8efda1ff64b6d Mon Sep 17 00:00:00 2001
From: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
Date: Thu, 5 Mar 2026 16:12:38 +0100
Subject: [PATCH] Allow tent to reach ceph

---
 m/bay/configuration.nix   | 2 +-
 m/lake2/configuration.nix | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/m/bay/configuration.nix b/m/bay/configuration.nix
index 7bdfe740..9bb353eb 100644
--- a/m/bay/configuration.nix
+++ b/m/bay/configuration.nix
@@ -35,7 +35,7 @@
         # Accept monitoring requests from hut
         iptables -A nixos-fw -p tcp -s hut -m multiport --dport 9283,9002 -j nixos-fw-accept
         # Accept all Ceph traffic from the local network
-        iptables -A nixos-fw -p tcp -s 10.0.40.0/24 -m multiport --dport 3300,6789,6800:7568 -j nixos-fw-accept
+        iptables -A nixos-fw -p tcp -s 10.0.40.0/21 -m multiport --dport 3300,6789,6800:7568 -j nixos-fw-accept
       '';
     };
   };
diff --git a/m/lake2/configuration.nix b/m/lake2/configuration.nix
index 477cf59c..338c2d40 100644
--- a/m/lake2/configuration.nix
+++ b/m/lake2/configuration.nix
@@ -57,7 +57,7 @@
         # Accept monitoring requests from hut
         iptables -A nixos-fw -p tcp -s hut --dport 9002 -j nixos-fw-accept
         # Accept all Ceph traffic from the local network
-        iptables -A nixos-fw -p tcp -s 10.0.40.0/24 -m multiport --dport 3300,6789,6800:7568 -j nixos-fw-accept
+        iptables -A nixos-fw -p tcp -s 10.0.40.0/21 -m multiport --dport 3300,6789,6800:7568 -j nixos-fw-accept
       '';
     };
   };