From a58ee47301a46fe7d319467b73491dcfcae885d1 Mon Sep 17 00:00:00 2001
From: Kenny Ballou
Date: Wed, 24 Feb 2021 18:33:19 -0700
Subject: update firewall rules
Signed-off-by: Kenny Ballou
---
 daeva/nftables-rules.nft | 7 ++++++-
 eligos/nftables-rules.nft | 4 ++++
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/daeva/nftables-rules.nft b/daeva/nftables-rules.nft
index 8d78807..792b684 100644
--- a/daeva/nftables-rules.nft
+++ b/daeva/nftables-rules.nft
@@ -11,7 +11,7 @@ table inet filter {
 udp dport domain ip saddr 172.16.0.0/12 counter accept
 tcp dport 3000 ip saddr 127.0.0.1/8 counter accept
 tcp dport 8000 ip saddr 127.0.0.1/8 counter accept
- tcp dport http-alt ip saddr { 127.0.0.1/8, 10.100.0.0/8 } counter accept
+ tcp dport http-alt ip saddr { 127.0.0.1/8, 10.0.0.0/8 } counter accept
 counter
 }
 
@@ -53,6 +53,11 @@ table inet filter {
 ip daddr 127.0.0.0/8 counter accept
 tcp dport 5222 counter accept
 tcp dport 6697 counter accept
+ tcp dport 2049 ip daddr 10.0.0.0/8 counter accept
+ udp dport 2049 ip daddr 10.0.0.0/8 counter accept
+ tcp dport 20048 ip daddr 10.0.0.0/8 counter accept
+ udp dport 20048 ip daddr 10.0.0.0/8 counter accept
+ tcp dport 13052 counter accept
 counter
 }
 }
diff --git a/eligos/nftables-rules.nft b/eligos/nftables-rules.nft
index adc8507..c26071e 100644
--- a/eligos/nftables-rules.nft
+++ b/eligos/nftables-rules.nft
@@ -13,6 +13,10 @@ table inet filter {
 tcp dport 8000 ip saddr 127.0.0.1/8 counter accept
 tcp dport 8384 ip saddr 127.0.0.1/8 counter accept
 tcp dport 8080 ip saddr { 127.0.0.1/8, 10.1.0.0/8 } counter accept
+ tcp dport 20048 ip saddr 10.0.0.0/8 counter accept
+ udp dport 20048 ip saddr 10.0.0.0/8 counter accept
+ udp dport 2049 ip saddr 10.0.0.0/8 counter accept
+ tcp dport 2049 ip saddr 10.0.0.0/8 counter accept
 tcp dport ssh counter accept
 counter
 }
-- cgit v1.2.1
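Review bot: In the first daeva hunk the corrected element `10.0.0.0/8` still admits every 10.x source to http-alt. With an 8-bit mask the old `10.100.0.0/8` should already have matched that same range, so the edit changes the spelling and not the reach. If the original intent was only the 10.100 network, the element should be narrower, for example `10.100.0.0/16`, or whatever prefix that network actually has. The loopback element on the same line keeps the host-bits spelling `127.0.0.1/8`, where `127.0.0.0/8` would match how the second hunk writes it. The enclosing chain starts outside the hunk, so its hook and policy are not visible here.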
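Review bot: The added `tcp dport 13052 counter accept` in the second daeva hunk has no address match and no explanation, while the four NFS rules just above it are pinned to `ip daddr 10.0.0.0/8`. Nothing in the commit message or the file says which service uses 13052, so a later reader cannot tell whether the rule is still needed or how wide it has to be. I would add an inline comment and, if the peer is internal, the same destination match: `tcp dport 13052 ip daddr 10.0.0.0/8 counter accept comment "SERVICE-NAME-PLACEHOLDER"`. The chain header is outside the hunk, so whether this is an output chain with a drop policy is inferred from the `ip daddr` matches, not confirmed.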
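Review bot: The four rules added in the eligos hunk expose nfsd (2049) and mountd (20048) over both TCP and UDP to every address in 10.0.0.0/8. NFS exports normally trust the client by address, so this packet filter is a main control and should name the actual client host or subnet instead of the whole block. If the export is NFSv4-only, `tcp dport 2049` alone should be enough and the UDP and 20048 rules can be dropped. If NFSv3 is in use, the rules can be folded into one, for example `ip saddr NFS-CLIENT-NET-PLACEHOLDER meta l4proto { tcp, udp } th dport { 2049, 20048 } counter accept comment "nfs"`, assuming the installed nft version supports `th dport`. The same narrowing applies to the matching `ip daddr 10.0.0.0/8` rules in the second daeva hunk.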