iptables: Limit smokescreen port 4750, add camo port.

Limit incoming connections to port 4750 to only the smokescreen host,
and also allow access to the Camo server on that host, on port 9292.
Alex Vandiver 2021-02-17 12:38:15 -08:00 committed by Tim Abbott
parent 5cbc21efd5
commit e30b524896
1 changed files with 5 additions and 0 deletions


@ -40,9 +40,14 @@
-A INPUT -p tcp --dport https -j ACCEPT -A INPUT -p tcp --dport https -j ACCEPT
-A INPUT -p tcp --dport postgresql -j ACCEPT -A INPUT -p tcp --dport postgresql -j ACCEPT
<% if @fqdn.include? "smokescreen" -%>
# Smokescreen proxy # Smokescreen proxy
-A INPUT -p tcp --dport 4750 -j ACCEPT -A INPUT -p tcp --dport 4750 -j ACCEPT
# Camo proxy
-A INPUT -p tcp --dport 9292 -j ACCEPT
<% end -%>
# statsd # statsd
-A INPUT -p udp --dport 8125 -j ACCEPT -A INPUT -p udp --dport 8125 -j ACCEPT
<% end -%> <% end -%>
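Review bot: The two ACCEPT rules added inside `<% if @fqdn.include? "smokescreen" -%>` match on destination port only, so on the smokescreen host ports 4750 and 9292 accept TCP from any source address that reaches this chain. If no upstream filter (security group, earlier rule outside this hunk) already narrows the sources, the forward proxy is reachable by clients it was never meant to serve. Consider pinning the source, e.g. `-A INPUT -p tcp -s <INTERNAL_CIDR_PLACEHOLDER> --dport 4750 -j ACCEPT`, and the same for 9292. The condition is also a substring test on the FQDN, so any host whose name merely contains "smokescreen" gets both ports opened; an explicit role or class check would be tighter. The outer conditional closed by the final `<% end -%>` opens outside the hunk, so which hosts render this section at all cannot be confirmed from here.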