From 1fde9c4f0c02a805ca74186df2e9494ad0c79115 Mon Sep 17 00:00:00 2001
From: Seth Foster <fosterbseth@gmail.com>
Date: Thu, 8 Sep 2022 13:55:18 -0400
Subject: [PATCH] add firewall rules to control node

---
 awx/main/tasks/receptor.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/awx/main/tasks/receptor.py b/awx/main/tasks/receptor.py
index baf95dd412..916210c075 100644
--- a/awx/main/tasks/receptor.py
+++ b/awx/main/tasks/receptor.py
@@ -606,6 +606,7 @@ class AWXReceptorJob:
 RECEPTOR_CONFIG_STARTER = (
     {'local-only': None},
     {'log-level': 'debug'},
+    {'node': {'firewallrules': [{'action': 'reject', 'tonode': settings.CLUSTER_HOST_ID, 'toservice': 'control'}]}},
     {'control-service': {'service': 'control', 'filename': '/var/run/receptor/receptor.sock', 'permissions': '0660'}},
     {'work-command': {'worktype': 'local', 'command': 'ansible-runner', 'params': 'worker', 'allowruntimeparams': True}},
     {'work-signing': {'privatekey': '/etc/receptor/signing/work-private-key.pem', 'tokenexpiration': '1m'}},