From: Zoltán Felleg
Date: Tue, 4 Jun 2024 14:21:42 +0000 (+0200)
Subject: Updated ifg.in (added netlock and slycpx rules).
X-Git-Url: http://git.useribm.hu/?a=commitdiff_plain;h=e7042a05ca5be5edcaf958a68e49ca862a8e2394;p=user-lxc.git

Updated ifg.in (added netlock and slycpx rules).
---

diff --git a/sources/ifg.in/c3d/firstboot/data/nftables.config b/sources/ifg.in/c3d/firstboot/data/nftables.config
index 0399e0e..f75f2f5 100644
--- a/sources/ifg.in/c3d/firstboot/data/nftables.config
+++ b/sources/ifg.in/c3d/firstboot/data/nftables.config
@@ -30,7 +30,7 @@ define PUBLIC_NS_IPV4 = 213.253.216.164
 define PUBLIC_STORE_IPV4 = 213.253.216.165
 define PUBLIC_VPN_IPV4 = 213.253.216.166
 define PUBLIC_WS_IPV4 = 213.253.216.167
-define PUBLIC_IPV4_168 = 213.253.216.168
+define PUBLIC_NETLOCK_IPV4 = 213.253.216.168
 define PUBLIC_IPV4_169 = 213.253.216.169
 define PUBLIC_IPV4_170 = 213.253.216.170
 define PUBLIC_IPV4_171 = 213.253.216.171
@@ -101,6 +101,10 @@ define MINICRM_INTERNAL_IPV4 = 10.228.109.133
 define FDC_INTERNAL_IPV4 = 10.228.109.131
 define FDC_INTERNAL_IPV6 = 2001:1aa1:000a:7dae:000c:18ff:fe03:6d83
 
+# slycrm proxy address (internal network)
+define SLYCPX_INTERNAL_IPV4 = 10.228.109.44
+define SLYCPX_INTERNAL_IPV6 = 2001:1aa1:000a:7dae:000c:18ff:fe03:6d2c
+
 # source name server address (internal network)
 define SNS_INTERNAL_IPV4 = 10.228.109.11
 define SNS_INTERNAL_IPV6 = 2001:1aa1:000a:7dae:000c:18ff:fe03:6d0b
@@ -112,6 +116,9 @@ define NS2_INTERNAL_IPV6 = 2001:1aa1:000a:7dae:000c:18ff:fe03:5c9f
 # dvredmine address (internal network)
 define DVREDMINE_INTERNAL_IPV4 = 10.228.62.193
 
+# netlock server address (internal network)
+define NETLOCK_INTERNAL_IPV4 = 10.228.32.197
+
 # worksheet address (internal network)
 define WORKSHEET_SR_IPV4 = 192.168.42.248
@@ -309,6 +316,12 @@ add rule ip ifg-filter forward \
  oifname $INTERNAL_IF ip daddr $VPN_INTERNAL_IPV4 udp dport $VPN_PORT \
  counter accept comment "Incoming VPN traffic"
 
+add rule ip ifg-filter forward \
+ ip protocol tcp \
+ iifname $PERIMETER_IF ip saddr != $PERIMETER_NET tcp sport 1024-65535 \
+ oifname $INTERNAL_IF ip daddr $NETLOCK_INTERNAL_IPV4 tcp dport ssh \
+ counter accept comment "Incoming netlock traffic"
+
 add rule ip ifg-filter forward \
  ip protocol tcp \
  iifname $PERIMETER_IF ip saddr != $PERIMETER_NET tcp sport 1024-65535 \
@@ -325,15 +338,17 @@ add rule ip ifg-filter forward \
  iifname $PERIMETER_IF ip saddr $WS_PERIMETER_IPV4 tcp sport 1024-65535 \
  oifname $INTERNAL_IF ip daddr { $DVREDMINE_INTERNAL_IPV4, \
  $FDC_INTERNAL_IPV4, \
+ $SLYCPX_INTERNAL_IPV4, \
  $STORE_INTERNAL_IPV4, \
  $WIKI_INTERNAL_IPV4 } tcp dport http \
- counter accept comment "Fdc, redmine, store and wiki requests"
+ counter accept comment "Fdc, redmine, slycpx, store and wiki requests"
 add rule ip6 ifg-filter forward \
  iifname $PERIMETER_IF ip6 saddr $WS_PERIMETER_IPV6 tcp sport 1024-65535 \
  oifname $INTERNAL_IF ip6 daddr { $FDC_INTERNAL_IPV6, \
+ $SLYCPX_INTERNAL_IPV6, \
  $STORE_INTERNAL_IPV6, \
  $WIKI_INTERNAL_IPV6 } tcp dport http \
- counter accept comment "Fdc, store and wiki requests"
+ counter accept comment "Fdc, slycpx, store and wiki requests"
 
 add rule ip ifg-filter forward \
  ct state established \
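Review bot: The new rule in the -309 hunk accepts TCP to `$NETLOCK_INTERNAL_IPV4 tcp dport ssh` from any source other than `$PERIMETER_NET`, i.e. it forwards SSH from the whole Internet to an internal host with no source pinning and no rate limit, which is a much larger attack surface than the HTTP rules in this file. If the netlock peer addresses are known, pin them with `define NETLOCK_PEERS_IPV4 = { <peer addresses> }` and match `iifname $PERIMETER_IF ip saddr $NETLOCK_PEERS_IPV4 tcp sport 1024-65535 \`; if they cannot be pinned, at least insert `ct state new limit rate 5/minute burst 10 packets \` before `counter accept` to blunt password and key brute forcing. The comment `"Incoming netlock traffic"` hides that this is SSH open to any source; `"Incoming netlock SSH (any Internet source)"` would make the exposure visible in `nft list ruleset`. Separately, `$PUBLIC_NETLOCK_IPV4` is introduced in this commit but no nat/dnat rule referencing it appears here, so unless the translation already exists elsewhere this forward rule will never see translated traffic; the rule that follows the new one continues outside the hunk.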