Merge pull request #48427 from jldohmann/BZ2102230

BZ2102230: fix table entries and add redirector url

Author: ahardin-rh

modules/configuring-firewall.adoc

@@ -46,14 +46,9 @@ There are no special configuration considerations for services running on only c
 |443, 80
 |The `https://console.redhat.com/openshift` site uses authentication from `sso.redhat.com`
 
-|`rhcos.mirror.openshift.com`
-|443, 80
-|Provides {op-system-first} images
-
 |===
 +
-You can use the wildcards `\*.quay.io` and `*.mirror.openshift.com` instead of `cdn0[1-3].quay.io` and `rhcos.mirror.openshift.com` in your allowlist.
-When you add a site, such as `quay.io`, to your allowlist, do not add a wildcard entry, such as `*.quay.io`, to your denylist. In most cases, image registries use a content delivery network (CDN) to serve images. If a firewall blocks access, then image downloads are denied when the initial download request is redirected to a hostname such as `cdn01.quay.io`.
+You can use the wildcards `\*.quay.io` and `*.openshiftapps.com` instead of `cdn0[1-3].quay.io` in your allowlist. When you add a site, such as `quay.io`, to your allowlist, do not add a wildcard entry, such as `*.quay.io`, to your denylist. In most cases, image registries use a content delivery network (CDN) to serve images. If a firewall blocks access, then image downloads are denied when the initial download request is redirected to a hostname such as `cdn01.quay.io`.
 
 . Allowlist any site that provides resources for a language or framework that your builds require.
 
@@ -146,7 +141,7 @@ When you add a site, such as `quay.io`, to your allowlist, do not add a wildcard
 |443, 80
 |Required both for your cluster token and to check if updates are available for the cluster.
 
-|`art-rhcos-ci.s3.amazonaws.com`
+|`rhcos.mirror.openshift.com`
 |443, 80
 |Required to download {op-system-first} images.