Firewall rules

[leebaird]

If Nebula is not being used, suggest the following:

1. Configure /var/www/html/.htaccess on each redirector and set the first proxy rule with the IP address of the C2 server.
2. Configure the C2 server firewall to allow port 443 from each redirector.

[ezra-buckingham]

After looking further, it is going to be very difficult to implement IP and port. Implementing the IP is easy, but there are some flaws with port as I will need to have it taken in as a CLI param since the redirectors can map to any non-standard port to transfer C2 comms over Nebula / internet.... still working on it though

[ezra-buckingham]

I didn't use that branch, but changes have been pushed to address this, it now has a "blanket" approve for all firewall rules across the cluster. So all resources can freely communicate with each other over the internet (not great, but best I can do given ports may differ if you use containers)

[leebaird]

I thought you told me this only worked with Nebula.

[ezra-buckingham]

As it worked in the past, yes, but I was able to make it work as long as all of your resources are routable directly from the internet. Also, there’s no granular control of allowed ports in the solution I committed, it’s allow all from all resources in a build