add iptable rules

wireapp · Nov 20, 2024 · 8415230 · 8415230
1 parent 7a60f81
commit 8415230
Show file tree

Hide file tree

Showing 2 changed files with 104 additions and 0 deletions.
diff --git a/terraform/examples/wire-server-deploy-offline-hetzner/.terraform.lock.hcl b/terraform/examples/wire-server-deploy-offline-hetzner/.terraform.lock.hcl
diff --git a/terraform/examples/wire-server-deploy-offline-hetzner/main.tf b/terraform/examples/wire-server-deploy-offline-hetzner/main.tf
@@ -20,6 +20,49 @@ locals {
     - iptables -A OUTPUT -o eth0 -p udp --dport 123 -j ACCEPT
     - ip6tables -A OUTPUT -o eth0 -p udp --dport 123 -j ACCEPT
 
+    # Cassandra (inbound and outbound)
+    - iptables -A OUTPUT -o eth0 -p tcp --dport 9042 -j ACCEPT
+    - ip6tables -A OUTPUT -o eth0 -p tcp --dport 9042 -j ACCEPT
+    - iptables -A INPUT -i eth0 -p tcp --sport 9042 -j ACCEPT
+    - ip6tables -A INPUT -i eth0 -p tcp --sport 9042 -j ACCEPT
+
+    - iptables -A OUTPUT -o eth0 -p tcp --dport 9160 -j ACCEPT
+    - ip6tables -A OUTPUT -o eth0 -p tcp --dport 9160 -j ACCEPT
+    - iptables -A INPUT -i eth0 -p tcp --sport 9160 -j ACCEPT
+    - ip6tables -A INPUT -i eth0 -p tcp --sport 9160 -j ACCEPT
+
+    - iptables -A OUTPUT -o eth0 -p tcp --dport 7000 -j ACCEPT
+    - ip6tables -A OUTPUT -o eth0 -p tcp --dport 7000 -j ACCEPT
+    - iptables -A INPUT -i eth0 -p tcp --sport 7000 -j ACCEPT
+    - ip6tables -A INPUT -i eth0 -p tcp --sport 7000 -j ACCEPT
+
+    - iptables -A OUTPUT -o eth0 -p tcp --dport 7199 -j ACCEPT
+    - ip6tables -A OUTPUT -o eth0 -p tcp --dport 7199 -j ACCEPT
+    - iptables -A INPUT -i eth0 -p tcp --sport 7199 -j ACCEPT
+    - ip6tables -A INPUT -i eth0 -p tcp --sport 7199 -j ACCEPT
+
+    # Elasticsearch (inbound and outbound)
+    - iptables -A OUTPUT -o eth0 -p tcp --dport 9300 -j ACCEPT
+    - ip6tables -A OUTPUT -o eth0 -p tcp --dport 9300 -j ACCEPT
+    - iptables -A INPUT -i eth0 -p tcp --sport 9300 -j ACCEPT
+    - ip6tables -A INPUT -i eth0 -p tcp --sport 9300 -j ACCEPT
+
+    - iptables -A OUTPUT -o eth0 -p tcp --dport 9200 -j ACCEPT
+    - ip6tables -A OUTPUT -o eth0 -p tcp --dport 9200 -j ACCEPT
+    - iptables -A INPUT -i eth0 -p tcp --sport 9200 -j ACCEPT
+    - ip6tables -A INPUT -i eth0 -p tcp --sport 9200 -j ACCEPT
+
+    # MinIO (inbound and outbound)
+    - iptables -A OUTPUT -o eth0 -p tcp --dport 9000 -j ACCEPT
+    - ip6tables -A OUTPUT -o eth0 -p tcp --dport 9000 -j ACCEPT
+    - iptables -A INPUT -i eth0 -p tcp --sport 9000 -j ACCEPT
+    - ip6tables -A INPUT -i eth0 -p tcp --sport 9000 -j ACCEPT
+
+    - iptables -A OUTPUT -o eth0 -p tcp --dport 9092 -j ACCEPT
+    - ip6tables -A OUTPUT -o eth0 -p tcp --dport 9092 -j ACCEPT
+    - iptables -A INPUT -i eth0 -p tcp --sport 9092 -j ACCEPT
+    - ip6tables -A INPUT -i eth0 -p tcp --sport 9092 -j ACCEPT
+
     # Drop all other traffic
     - iptables -A OUTPUT -o eth0 -j DROP
     - ip6tables -A OUTPUT -o eth0 -j DROP