jcarr
/
wit-network-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

adding firewall http over VPN rule for bastion cert exchange and possibly more in the future

This commit is contained in:
toby 2019-04-09 21:27:28 +00:00
parent c53f3e2219
commit 47b2e0b3e6
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
files/firewall
View File

@ -33,8 +33,9 @@ case $1 in
iptables -A INPUT -m policy --pol ipsec --dir in -p tcp --dport 6789 -j ACCEPT -m comment --comment "ceph mon traffic"
iptables -A INPUT -m policy --pol ipsec --dir in -p tcp --sport 6789 -j ACCEPT -m comment --comment "ceph mon traffic"
iptables -A INPUT -m policy --pol ipsec --dir in -p udp --dport 4789 -j ACCEPT -m comment --comment "vxlan traffic"
iptables -A INPUT -m policy --pol ipsec --dir in -p udp --sport 123 -j ACCEPT -m comment --comment "ntp replies for anything over the VPN"
iptables -A INPUT -m policy --pol ipsec --dir in -p udp --sport 53 -j ACCEPT -m comment --comment "dns replies from anything over the VPN"
iptables -A INPUT -m policy --pol ipsec --dir in -p udp --sport 123 -j ACCEPT -m comment --comment "ntp replies for bastion"
iptables -A INPUT -m policy --pol ipsec --dir in -p udp --sport 53 -j ACCEPT -m comment --comment "dns replies for bastion"
iptables -A INPUT -m policy --pol ipsec --dir in -p tcp --sport 80 -j ACCEPT -m comment --comment "http replies for bastion"
iptables -A INPUT -m policy --pol ipsec --dir in -p tcp --dport 22 -j ACCEPT -m comment --comment "ssh if coming over the VPN"
## external services we depend upon