src.dualinventive.com/devops/ansible-dtap/rootnet-roles/di-sec-firewall/templates/01-sec.rules.j2


# {{ ansible_managed }}
# Peer allow-lists for this node.  Every address is declared once, up
# front, so the full set of hosts that may reach (or be reached from)
# this machine can be audited in one place instead of across copied
# rule lines.  This fragment is expanded by the shell that sources the
# firewall script; $ip4, $outside_int, $rootnet, $nagios and $vpn are
# expected to be defined earlier in that script and are not set here.
# NOTE(review): every rule below matches --ctstate NEW only, so reply
# traffic depends on a RELATED,ESTABLISHED accept that lives outside
# this fragment -- confirm it precedes these rules in the chain.
# NOTE(review): the addresses are literals in the template; consider
# moving them to role variables so changes to the allow-list are
# reviewed together with the inventory -- check with the role owners.
dualinventivesms='83.162.166.98' # Dualinventive
# Admin hosts that may open SSH sessions from the outside interface.
ssh_admin_hosts='87.233.176.101 87.233.176.102'
# Fixed peers that may open connections to the DI Secureserver (tcp/3300).
secureserver_hosts='87.233.176.101 87.233.176.102 87.233.176.103 87.233.176.106 87.233.176.114 87.233.176.115'
# DI TCP server ports (multiport list) and the servers we may dial out to.
DItcppoorten='3000,3001,3002,3003,3004,3005,3006,3007,3008,3009,3010,3030'
ditcp_servers='87.233.176.100 87.233.176.103 87.233.176.106'
# Secure-server port range and the peers that may open connections to it.
# NOTE(review): this host set is not the same as secureserver_hosts
# (.104/.107 here, .103/.106 above) -- verify the asymmetry is intended.
secure_server_ports='11999:12003'
secure_server_hosts='87.233.176.101 87.233.176.102 87.233.176.114 87.233.176.115 87.233.176.104 87.233.176.107'

# SSH: new inbound sessions only from the admin hosts.
# shellcheck disable=SC2086 # word-splitting of the host list is intended
for src in $ssh_admin_hosts; do
  $ip4 -A custom -i "$outside_int" -p tcp --dport 22 -s "$src" -m conntrack --ctstate NEW -j ACCEPT
done

# DI Secureserver, tcp/3300 inbound: the fixed peers first, then the
# networks supplied by the surrounding script ($rootnet, $nagios, $vpn).
# shellcheck disable=SC2086 # word-splitting of the host list is intended
for src in $secureserver_hosts; do
  $ip4 -A custom -i "$outside_int" -p tcp --dport 3300 -s "$src" -m conntrack --ctstate NEW -j ACCEPT
done
# These three are left as-is (unquoted) so a missing value still makes
# iptables reject the rule rather than silently installing nothing.
# shellcheck disable=SC2086
$ip4 -A custom -i "$outside_int" -p tcp --dport 3300 -s $rootnet -m conntrack --ctstate NEW -j ACCEPT
# shellcheck disable=SC2086
$ip4 -A custom -i "$outside_int" -p tcp --dport 3300 -s $nagios -m conntrack --ctstate NEW -j ACCEPT
# shellcheck disable=SC2086
$ip4 -A custom -i "$outside_int" -p tcp --dport 3300 -s $vpn -m conntrack --ctstate NEW -j ACCEPT

# DI TCP servers: outbound connections this node may initiate.
# shellcheck disable=SC2086 # word-splitting of the host list is intended
for dst in $ditcp_servers; do
  $ip4 -A custom -o "$outside_int" -p tcp -m multiport --dports "$DItcppoorten" -d "$dst" -m conntrack --ctstate NEW -j ACCEPT
done

# Secure-server port range, inbound from the listed peers.
# shellcheck disable=SC2086 # word-splitting of the host list is intended
for src in $secure_server_hosts; do
  $ip4 -A custom -i "$outside_int" -p tcp -m multiport --dports "$secure_server_ports" -s "$src" -m conntrack --ctstate NEW -j ACCEPT
done

# Outgoing SMS: tcp/3030 to the Dualinventive SMS host only.
$ip4 -A custom -o "$outside_int" -p tcp --dport 3030 -d "$dualinventivesms" -m conntrack --ctstate NEW -j ACCEPT