Commit 5386fbf1 authored by jz143's avatar jz143

new firewall rules

parent 67db5ebe
......@@ -3,7 +3,9 @@
# Flush all current rules from iptables
iptables -F
iptables -X
ip6tables -F
ip6tables -X
iptables -t nat -F
# Allow SSH connections on tcp port 22
......@@ -40,8 +42,21 @@ ip6tables -A OUTPUT -p ipv6-icmp --icmpv6-type echo-reply -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
# (IPv4-only) Redis - allow access only from mac worker
# (IPv4-only) Allow access to MySQL and Redis from Mac worker
ALLOW_IP_ADDRESS=152.3.124.119
# MySQL
MYSQL_PORT=3306
# create a new chain
iptables -N mysql-protection
# allow your IP
iptables -A mysql-protection --src $ALLOW_IP_ADDRESS -j ACCEPT
# drop everyone else
iptables -A mysql-protection -j DROP
# use chain xxx for packets coming to TCP port $MYSQL_PORT
iptables -I INPUT -m tcp -p tcp --dport $MYSQL_PORT -j mysql-protection
# Redis
REDIS_PORT=6379
# create a new chain
iptables -N redis-protection
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment