Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

iptables: Limit smokescreen port 4750, add camo port. 

Limit incoming connections to port 4750 to only the smokescreen host,
and also allow access to the Camo server on that host, on port 9292.
This commit is contained in:
Alex Vandiver 2021-02-17 12:38:15 -08:00 committed by Tim Abbott
parent 5cbc21efd5
commit e30b524896
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
puppet/zulip_ops/templates/iptables/rules.v4.erb
View File

@ -40,9 +40,14 @@
-A INPUT -p tcp --dport https -j ACCEPT
-A INPUT -p tcp --dport postgresql -j ACCEPT
<% if @fqdn.include? "smokescreen" -%>
# Smokescreen proxy
-A INPUT -p tcp --dport 4750 -j ACCEPT
# Camo proxy
-A INPUT -p tcp --dport 9292 -j ACCEPT
<% end -%>
# statsd
-A INPUT -p udp --dport 8125 -j ACCEPT
<% end -%>