forked from AppScale/gts
-
Notifications
You must be signed in to change notification settings - Fork 0
/
firewall.conf
executable file
·39 lines (31 loc) · 1.55 KB
/
firewall.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
#!/bin/bash
# Flush any current firewall settings
iptables -F
# Allow all established connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow all loopback traffic
iptables -I INPUT 1 -i lo -j ACCEPT
# Allow all SSH traffic
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
# Allow for all traffic from anywhere for the following services
iptables -A INPUT -p tcp --dport 80 -j ACCEPT # nginx
iptables -A INPUT -p tcp --dport 443 -j ACCEPT # nginx (SSL)
iptables -A INPUT -p tcp --dport 1080 -j ACCEPT # nginx / AppDashboard
iptables -A INPUT -p tcp --dport 1443 -j ACCEPT # nginx (SSL)
iptables -A INPUT -p tcp --dport 2812 -j ACCEPT # monit dashboard
iptables -A INPUT -p tcp --dport 5222 -j ACCEPT # ejabberd
iptables -A INPUT -p tcp --dport 5555 -j ACCEPT # Celery Flower
iptables -A INPUT -p tcp --dport 6106 -j ACCEPT # BlobServer
iptables -A INPUT -p tcp --dport 8080:8100 -j ACCEPT # nginx -> Google App Engine
iptables -A INPUT -p tcp --dport 4380:4400 -j ACCEPT # nginx -> Google App Engine (SSL)
iptables -A INPUT -p tcp --dport 17443 -j ACCEPT # AppController
iptables -A INPUT -p tcp --dport 4343 -j ACCEPT # UserAppServer
ALL_IPS_FILE=/etc/appscale/all_ips
MASTER_FILE=/etc/appscale/masters
SLAVES_FILE=/etc/appscale/slaves
# Allow any connections between AppScale nodes
cat $ALL_IPS_FILE $MASTER_FILE $SLAVES_FILE | sort -u | while read line; do
test -n "$line" && iptables -A INPUT -s ${line} -j ACCEPT
done
# Drop all other connections
iptables -A INPUT -j DROP