From 84152300d79a7f68c081de1862ff160d659d01f7 Mon Sep 17 00:00:00 2001
From: Amit Sagtani
Date: Wed, 20 Nov 2024 15:04:21 +0100
Subject: [PATCH] add iptable rules
---
.../.terraform.lock.hcl | 61 +++++++++++++++++++
.../main.tf | 43 +++++++++++++
2 files changed, 104 insertions(+)
create mode 100644 terraform/examples/wire-server-deploy-offline-hetzner/.terraform.lock.hcl
diff --git a/terraform/examples/wire-server-deploy-offline-hetzner/.terraform.lock.hcl b/terraform/examples/wire-server-deploy-offline-hetzner/.terraform.lock.hcl
new file mode 100644
index 000000000..706f235ce
--- /dev/null
+++ b/terraform/examples/wire-server-deploy-offline-hetzner/.terraform.lock.hcl
@@ -0,0 +1,61 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/random" { + version = "3.6.3" + hashes = [ + "h1:zG9uFP8l9u+yGZZvi5Te7PV62j50azpgwPunq2vTm1E=", + "zh:04ceb65210251339f07cd4611885d242cd4d0c7306e86dda9785396807c00451", + "zh:448f56199f3e99ff75d5c0afacae867ee795e4dfda6cb5f8e3b2a72ec3583dd8", + "zh:4b4c11ccfba7319e901df2dac836b1ae8f12185e37249e8d870ee10bb87a13fe", + "zh:4fa45c44c0de582c2edb8a2e054f55124520c16a39b2dfc0355929063b6395b1", + "zh:588508280501a06259e023b0695f6a18149a3816d259655c424d068982cbdd36", + "zh:737c4d99a87d2a4d1ac0a54a73d2cb62974ccb2edbd234f333abd079a32ebc9e", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:a357ab512e5ebc6d1fda1382503109766e21bbfdfaa9ccda43d313c122069b30", + "zh:c51bfb15e7d52cc1a2eaec2a903ac2aff15d162c172b1b4c17675190e8147615", + "zh:e0951ee6fa9df90433728b96381fb867e3db98f66f735e0c3e24f8f16903f0ad", + "zh:e3cdcb4e73740621dabd82ee6a37d6cfce7fee2a03d8074df65086760f5cf556", + "zh:eff58323099f1bd9a0bec7cb04f717e7f1b2774c7d612bf7581797e1622613a0", + ] +} + +provider "registry.terraform.io/hashicorp/tls" { + version = "4.0.6" + hashes = [ + "h1:n3M50qfWfRSpQV9Pwcvuse03pEizqrmYEryxKky4so4=", + "zh:10de0d8af02f2e578101688fd334da3849f56ea91b0d9bd5b1f7a243417fdda8", + "zh:37fc01f8b2bc9d5b055dc3e78bfd1beb7c42cfb776a4c81106e19c8911366297", + "zh:4578ca03d1dd0b7f572d96bd03f744be24c726bfd282173d54b100fd221608bb", + "zh:6c475491d1250050765a91a493ef330adc24689e8837a0f07da5a0e1269e11c1", + "zh:81bde94d53cdababa5b376bbc6947668be4c45ab655de7aa2e8e4736dfd52509", + "zh:abdce260840b7b050c4e401d4f75c7a199fafe58a8b213947a258f75ac18b3e8", + "zh:b754cebfc5184873840f16a642a7c9ef78c34dc246a8ae29e056c79939963c7a", + "zh:c928b66086078f9917aef0eec15982f2e337914c5c4dbc31dd4741403db7eb18", + "zh:cded27bee5f24de6f2ee0cfd1df46a7f88e84aaffc2ecbf3ff7094160f193d50", + 
"zh:d65eb3867e8f69aaf1b8bb53bd637c99c6b649ba3db16ded50fa9a01076d1a27", + "zh:ecb0c8b528c7a619fa71852bb3fb5c151d47576c5aab2bf3af4db52588722eeb", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hetznercloud/hcloud" { + version = "1.49.0" + hashes = [ + "h1:TVZ8DO6bWVWxSMpwFe1tNS8gei8WGCgqOkc7eNWami8=", + "zh:05a5430404384d59002e9bda022e9c3b993687558ca92baa3b0943642b056264", + "zh:1e8e74c8b99594b782e96f62afa86daf11c5b15581deedc0d88f08bb4760a27e", + "zh:3e6d10b2a1f5a4fa74733b4b833d29ab5e3592bfdb99833b9915db6e885e4670", + "zh:41c134a4466bdd12a164803263c25225d2c0d8ed5b9af554b8562d101e5874e0", + "zh:47c4c0f7a2b9e27d10dc98473513c04e25b079fa10d23814482ad2fb4fb30bc8", + "zh:517c5c2fa53695e36e2c8a385464f8708a8733c2ab81869d0e43e019cf2b156b", + "zh:5ceae1343501301fd4c861a1d9be16fd3b8f20dce0c3a73c74dafec27f0d022c", + "zh:61b8e30742bb347cdb0284dbd5b505c11603ccc7255c88758d22f3f8528d0059", + "zh:8b702609ca48b0e76e930a76244414b5f8ef0c93125a63bf147dc1cbf1b28f6a", + "zh:a5ee062a97b4ab7356062f8acc93824fce97c932e7b741eed7a4685fe57de9b9", + "zh:c744bec43cd2edcbf507bf0090125cd5500288a51bf0fde4515566a68a7dedda", + "zh:cb8c4e23879b49cd09a4374c165ee0ad077591473ec54a8df0b8948c5d583b91", + "zh:d3f6233b8c8217f318ce5a9b6c22e0adc84051dcb42fdb431d54ce3ef2e82513", + "zh:f724c9ea8d3e9cd6bdba393701eaf92506269b114e3e643d1abd0e1ca820bc16", + ] +} diff --git a/terraform/examples/wire-server-deploy-offline-hetzner/main.tf b/terraform/examples/wire-server-deploy-offline-hetzner/main.tf index cdecb37a1..f30f2d49d 100644 --- a/terraform/examples/wire-server-deploy-offline-hetzner/main.tf +++ b/terraform/examples/wire-server-deploy-offline-hetzner/main.tf 
@@ -20,6 +20,49 @@ locals { - iptables -A OUTPUT -o eth0 -p udp --dport 123 -j ACCEPT - ip6tables -A OUTPUT -o eth0 -p udp --dport 123 -j ACCEPT
+ # Cassandra (inbound and outbound)
+ - iptables -A OUTPUT -o eth0 -p tcp --dport 9042 -j ACCEPT
+ - ip6tables -A OUTPUT -o eth0 -p tcp --dport 9042 -j ACCEPT
+ - iptables -A INPUT -i eth0 -p tcp --sport 9042 -j ACCEPT
+ - ip6tables -A INPUT -i eth0 -p tcp --sport 9042 -j ACCEPT
+
+ - iptables -A OUTPUT -o eth0 -p tcp --dport 9160 -j ACCEPT
+ - ip6tables -A OUTPUT -o eth0 -p tcp --dport 9160 -j ACCEPT
+ - iptables -A INPUT -i eth0 -p tcp --sport 9160 -j ACCEPT
+ - ip6tables -A INPUT -i eth0 -p tcp --sport 9160 -j ACCEPT
+
+ - iptables -A OUTPUT -o eth0 -p tcp --dport 7000 -j ACCEPT
+ - ip6tables -A OUTPUT -o eth0 -p tcp --dport 7000 -j ACCEPT
+ - iptables -A INPUT -i eth0 -p tcp --sport 7000 -j ACCEPT
+ - ip6tables -A INPUT -i eth0 -p tcp --sport 7000 -j ACCEPT
+
+ - iptables -A OUTPUT -o eth0 -p tcp --dport 7199 -j ACCEPT
+ - ip6tables -A OUTPUT -o eth0 -p tcp --dport 7199 -j ACCEPT
+ - iptables -A INPUT -i eth0 -p tcp --sport 7199 -j ACCEPT
+ - ip6tables -A INPUT -i eth0 -p tcp --sport 7199 -j ACCEPT
+
+ # Elasticsearch (inbound and outbound)
+ - iptables -A OUTPUT -o eth0 -p tcp --dport 9300 -j ACCEPT
+ - ip6tables -A OUTPUT -o eth0 -p tcp --dport 9300 -j ACCEPT
+ - iptables -A INPUT -i eth0 -p tcp --sport 9300 -j ACCEPT
+ - ip6tables -A INPUT -i eth0 -p tcp --sport 9300 -j ACCEPT
+
+ - iptables -A OUTPUT -o eth0 -p tcp --dport 9200 -j ACCEPT
+ - ip6tables -A OUTPUT -o eth0 -p tcp --dport 9200 -j ACCEPT
+ - iptables -A INPUT -i eth0 -p tcp --sport 9200 -j ACCEPT
+ - ip6tables -A INPUT -i eth0 -p tcp --sport 9200 -j ACCEPT
+
+ # MinIO (inbound and outbound)
+ - iptables -A OUTPUT -o eth0 -p tcp --dport 9000 -j ACCEPT
+ - ip6tables -A OUTPUT -o eth0 -p tcp --dport 9000 -j ACCEPT
+ - iptables -A INPUT -i eth0 -p tcp --sport 9000 -j ACCEPT
+ - ip6tables -A INPUT -i eth0 -p tcp --sport 9000 -j ACCEPT
+
+ - iptables -A OUTPUT -o eth0 -p tcp --dport 9092 -j ACCEPT
+ - ip6tables -A OUTPUT -o eth0 -p tcp --dport 9092 -j ACCEPT
+ - iptables -A INPUT -i eth0 -p tcp --sport 9092 -j ACCEPT
+ - ip6tables -A INPUT -i eth0 -p tcp --sport 9092 -j ACCEPT
+ # Drop all other traffic - iptables -A OUTPUT -o eth0 -j DROP - ip6tables -A OUTPUT -o eth0 -j DROP
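Review bot: The new INPUT rules match on `--sport` rather than `--dport` (e.g. `- iptables -A INPUT -i eth0 -p tcp --sport 9042 -j ACCEPT`), so they accept any inbound TCP segment whose source port is 9042, 9160, 7000, 7199, 9300, 9200, 9000 or 9092 regardless of destination port or peer address; a remote client only has to bind its local socket to one of those ports to bypass the INPUT filter for every service listening on eth0. If the intent is to let replies to the outbound connections opened by the matching `--dport` OUTPUT rules back in, the eighteen `--sport` lines should be replaced by one stateful rule per family, `- iptables -A INPUT -i eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` and the same for `ip6tables`, placed ahead of any INPUT DROP. If the host must also accept incoming Cassandra/Elasticsearch/MinIO connections, add INPUT rules on `--dport` restricted with `-s` to the peer nodes' addresses, since on Hetzner eth0 is typically the public interface and ports such as 7000 (gossip), 7199 (JMX), 9200 and 9000 would otherwise be reachable from any source. Whether INPUT has a default-deny policy or a trailing DROP is not visible here (the hunk only shows the OUTPUT drop), and 9092 sits under the MinIO heading without a comment saying which service it belongs to. The `locals` block these cloud-init list items belong to starts before the hunk and continues past it.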