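#!/bin/bash
# Written by Keith Clawson, with some modifications by William Stein. March 2014
#
# Install the IPv4 filter rules for a compute node: tcp ports >= 1024 are
# reachable only from the hub nodes (10.1.<n>.3), the europe data center web
# host, the admin machines and loopback; any other tcp traffic to those ports
# is dropped. Ports below 1024, udp, and everything in OUTPUT/FORWARD keep the
# default ACCEPT policy, as in the original rule list.
#
# The complete ruleset is handed to iptables-restore in a single call so that
# it is applied atomically: there is no window between flushing the table and
# appending the final DROP in which every high port is open to everyone, and
# if any rule is rejected the previously loaded rules stay in place rather
# than a half-built chain.
#
# Environment:
#   HUB_COUNT  number of hub nodes; hubs are 10.1.<n>.3 for n = 1..HUB_COUNT
#              (default 21, the range the script used to hard-code).
#
# NOTE(review): only iptables (IPv4) is configured; ip6tables is untouched, so
# if IPv6 is enabled on the node the same ports are reachable over it —
# confirm IPv6 is disabled or filtered separately.

set -euo pipefail

die() { printf '%s\n' "$*" >&2; exit 1; }

# iptables-restore needs CAP_NET_ADMIN; fail early with a clear message instead
# of a cryptic permission error from netfilter.
(( EUID == 0 )) || die "compute_firewall.sh must run as root"
command -v iptables-restore >/dev/null || die "iptables-restore not found"

readonly hub_count=${HUB_COUNT:-21}
[[ "$hub_count" =~ ^[0-9]+$ ]] || die "HUB_COUNT must be a non-negative integer"

# Hosts other than the hubs that may open connections to tcp ports >= 1024.
readonly allowed_sources=(
  10.4.1.3    # europe data center web host
  10.1.3.1    # admin machine
  10.1.10.1   # admin machine
  # loopback: used for port forwarding over ssh, and for the local_hub to
  # sage_server and console_server connections. The original rule used the
  # name "localhost"; pinned to 127.0.0.1 so loading does not depend on name
  # resolution.
  127.0.0.1
)

#######################################
# Print the filter table in iptables-save format on stdout.
# Globals:   hub_count, allowed_sources (read)
# Outputs:   rules for iptables-restore
#######################################
build_rules() {
  local n src
  # ":CHAIN POLICY [0:0]" flushes the chain and sets its default policy,
  # which replaces the former "iptables -F" plus "iptables -P ... ACCEPT".
  printf '%s\n' '*filter' \
    ':INPUT ACCEPT [0:0]' \
    ':FORWARD ACCEPT [0:0]' \
    ':OUTPUT ACCEPT [0:0]'
  # accept any related or established connections, needed for ssh to work
  # because it uses a random large port to connect to other machines
  printf '%s\n' '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
  # accept incoming traffic to ports >= 1024 from each hub node
  for ((n = 1; n <= hub_count; n++)); do
    printf -- '-A INPUT -p tcp --dport 1024: -s 10.1.%d.3 -j ACCEPT\n' "$n"
  done
  for src in "${allowed_sources[@]}"; do
    printf -- '-A INPUT -p tcp --dport 1024: -s %s -j ACCEPT\n' "$src"
  done
  # drop incoming tcp connections to ports >= 1024 from any source that
  # did not match any of the previous rules
  printf '%s\n' '-A INPUT -p tcp --dport 1024: -j DROP' 'COMMIT'
}

build_rules | iptables-restore \
  || die "iptables-restore failed; previously loaded rules were left in place"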