Context Navigation

← Previous Change
Wiki History
Next Change →

Changes between Version 1 and Version 2 of limitConnections

Timestamp:: 10/19/22 08:42:16 (2 years ago)
Author:: niles
Comment:: --

Legend:

: Unmodified
: Added
: Removed
: Modified

limitConnections

-                      v1
+                      v2
 -A FORWARD -j RH-Firewall-1-INPUT
 -A RH-Firewall-1-INPUT -i lo -j ACCEPT
+-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
+-A RH-Firewall-1-INPUT -s 172.23.19.54 -j ACCEPT
+-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 30000 -j ACCEPT
+-A RH-Firewall-1-INPUT -s 146.5.21.121 -j ACCEPT
+-A RH-Firewall-1-INPUT -s 146.5.21.120 -j ACCEPT
+-A RH-Firewall-1-INPUT -s 128.118.7.56 -j DROP
+-A RH-Firewall-1-INPUT -s 128.118.7.57 -j DROP
+-A RH-Firewall-1-INPUT -s 131.113.97.134 -j DROP
+-A RH-Firewall-1-INPUT -s 122.210.105.211 -j DROP
+.
+.
+.
+.
 # Limit to 5 per IP on port 80
 -A RH-Firewall-1-INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 5 -j DROP
+#
+# Allow 146.5.21.110 (teide.nispdc.nso.edu) in so it can cross mount disks
+-A RH-Firewall-1-INPUT -s 146.5.21.110 -j ACCEPT
+#
+# Same for 146.5.21.60 (shemesh.nispdc.nso.edu)
+-A RH-Firewall-1-INPUT -s 146.5.21.60 -j ACCEPT
+#
+##-A RH-Firewall-1-INPUT -m iprange --src-range 119.188.50.0-119.188.50.255 -j DROP
+##-A RH-Firewall-1-INPUT -m iprange --src-range 119.188.12.0-119.188.12.255 -j DROP
+##-A RH-Firewall-1-INPUT -m iprange --src-range 60.214.64.0-60.214.64.255 -j DROP
+##-A RH-Firewall-1-INPUT -m iprange --src-range 122.143.6.0-122.143.6.255 -j DROP
+##-A RH-Firewall-1-INPUT -m iprange --src-range 222.161.212.0-222.161.212.255 -j DROP
+##-A RH-Firewall-1-INPUT -m iprange --src-range 122.141.235.0-122.141.235.255 -j DROP
+##-A RH-Firewall-1-INPUT -m iprange --src-range 119.188.15.0-119.188.15.255 -j DROP
+##-A RH-Firewall-1-INPUT -m iprange --src-range 124.95.156.0-124.95.156.255 -j DROP
+##-A RH-Firewall-1-INPUT -m iprange --src-range 221.204.176.0-221.204.176.255 -j DROP
+##-A RH-Firewall-1-INPUT -m iprange --src-range 61.54.24.0-61.54.24.255 -j DROP
+##-A RH-Firewall-1-INPUT -m iprange --src-range 218.26.232.0-218.26.232.255 -j DROP
+-A RH-Firewall-1-INPUT -s 1.12.0.0/16 -j DROP
+-A RH-Firewall-1-INPUT -p esp -j ACCEPT
+-A RH-Firewall-1-INPUT -p ah -j ACCEPT
+-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
+-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
+-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
+-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
+-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 55000 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
+-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
+-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 443 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
+-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 5432 -j ACCEPT
+-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 5434 -j ACCEPT
+-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2049 -j ACCEPT
+-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 5001 -j ACCEPT
+-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 5001 -j ACCEPT
+-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 55000 -j ACCEPT
+-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 5222 -j ACCEPT
+-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 8080 -j ACCEPT
+-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 80 -j ACCEPT
+-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
+.
+.
+.
+.
 COMMIT
 }}}