# Regular (non-base) chain: it contains only accept rules, so a packet that
# matches none of them returns to the chain that jumped here.
chain concourse_worker {
    define ports = {
        22,   # ssh
        7777, # concourse-atc
        7778, # concourse-baggageclaim
    }
    # NOTE(review): 107.155.67.65/29 has host bits set (the /29 boundary is
    # 107.155.67.64). Whether nft masks this to 107.155.67.64/29 or rejects the
    # element depends on the version in use; write the intended network address
    # explicitly so the rule is unambiguous.
    ip saddr { 107.155.67.65/29 } tcp dport $ports accept
    ip6 saddr { 2604:880:396::/48 } tcp dport $ports accept
}
|
|
|
# Ingress chain for the docker_usc2 host. $management4 / $management6 are
# defined outside this section of the file.
chain docker_usc2_ingress {
    # factorio game (accepted from any source)
    udp dport 34197 accept
    # factorio rcon (management ranges only)
    ip saddr $management4 tcp dport 27017 accept
    ip6 saddr $management6 tcp dport 27017 accept
    # icecast direct (management ranges only)
    ip saddr $management4 tcp dport 9090 accept
    ip6 saddr $management6 tcp dport 9090 accept
    # unifi
    define unifi_ports_tcp = {
        8443, # unifi-https
        8880, # unifi-portal-http
        8843, # unifi-portal-https
        6789, # unifi-speed
    }
    define unifi_ports_udp = {
        3478, # unifi-stun
    }
    # unifi http
    # NOTE(review): this is the only UniFi port accepted from any source; every
    # other UniFi rule below is limited to $management4/$management6. Presumably
    # left open so adopted devices outside the management ranges can reach it —
    # confirm, and restrict it the same way if all devices sit inside those ranges.
    tcp dport 8080 accept
    ip saddr $management4 tcp dport $unifi_ports_tcp accept
    ip saddr $management4 udp dport $unifi_ports_udp accept
    ip6 saddr $management6 tcp dport $unifi_ports_tcp accept
    ip6 saddr $management6 udp dport $unifi_ports_udp accept
}
|
|
|
# Elasticsearch ingress. $minions4/$minions6 and $scrapers4/$scrapers6 are
# defined outside this section of the file.
chain elasticsearch_cluster {
    # intra-cluster traffic from the cluster subnet (IPv4 only)
    # NOTE(review): source-address match with no iif/iifname; assumes packets
    # spoofing 10.1.0.0/24 on other interfaces are dropped earlier — confirm.
    ip saddr 10.1.0.0/24 tcp dport { 9200, 9300 } accept
    # external node ingress
    # NOTE(review): 9200 (presumably the HTTP API) is reachable from every
    # minion; confirm the API requires authentication, otherwise any minion
    # can read and modify indices.
    ip saddr $minions4 tcp dport 9200 accept
    ip6 saddr $minions6 tcp dport 9200 accept
    # elasticsearch exporter
    ip saddr $scrapers4 tcp dport 9114 accept
    ip6 saddr $scrapers6 tcp dport 9114 accept
}
|
|
|
# Public web ingress: plain HTTP and HTTPS, accepted from any source.
chain http_public {
    define ports_tcp = {
        80,  # http
        443, # https
    }
    tcp dport $ports_tcp accept
}
|
|
|
# Public Matrix federation and TURN ingress, accepted from any source.
chain matrix_public {
    # matrix-server (8448), coturn-plain (3478), coturn-tls (5349)
    tcp dport { 8448, 3478, 5349 } accept
    # coturn-plain (3478), coturn-tls (5349), coturn-relay range
    udp dport { 3478, 5349, 49152-65535 } accept
}
|
|
|
# Metrics scrape ingress on 9100, limited to the scraper ranges.
# $scrapers4 / $scrapers6 are defined outside this section of the file.
chain node_exporter_private {
    define port_tcp = 9100
    ip6 saddr $scrapers6 tcp dport $port_tcp accept
    ip saddr $scrapers4 tcp dport $port_tcp accept
}
|
|
|
# Salt master ingress, limited to the minion ranges.
# $minions4 / $minions6 are defined outside this section of the file.
chain salt_private {
    # grainsrv (443), salt-publish (4505), salt-return (4506), salt-api (8000)
    ip6 saddr $minions6 tcp dport { 443, 4505, 4506, 8000 } accept
    ip saddr $minions4 tcp dport { 443, 4505, 4506, 8000 } accept
}
|
|
|
# SSH ingress, limited to the minion ranges.
# $minions4 / $minions6 are defined outside this section of the file.
chain critical_services {
    # ssh
    ip6 saddr $minions6 tcp dport 22 accept
    ip saddr $minions4 tcp dport 22 accept
}
|
|
|
# Accepts every protocol and port from the usc2 private range.
chain usc2_privnet {
    # NOTE(review): matches on source address only, with no iif/iifname; this
    # assumes packets carrying a 10.200.0.0/24 source on non-private interfaces
    # are dropped earlier (rpfilter or an explicit rule) — confirm.
    ip saddr 10.200.0.0/24 accept
}
|
|
|
# Accepts every protocol and port from the int private range.
chain int_privnet {
    # NOTE(review): matches on source address only, with no iif/iifname; this
    # assumes packets carrying a 10.100.0.0/23 source on non-private interfaces
    # are dropped earlier (rpfilter or an explicit rule) — confirm.
    ip saddr 10.100.0.0/23 accept
}
|
|
|
# Vault ingress on 8200, limited to the minion ranges.
# $minions4 / $minions6 are defined outside this section of the file.
chain vault_private {
    define vault_port = 8200 # vault
    ip6 saddr $minions6 tcp dport $vault_port accept
    ip saddr $minions4 tcp dport $vault_port accept
}