forgejo/infrastructure-documentation
1
0
Fork 0
mirror of https://code.forgejo.org/infrastructure/documentation synced 2024-11-14 17:21:52 +00:00
Code Issues Activity

allow everything between cluster nodes

Browse source 
The script will set the same firewall on all nodes.

Closes infrastructure/documentation#32
This commit is contained in:
Earl Warren 2024-10-19 13:57:23 +02:00
parent 2e13b2dbbe
commit f1d4913ebc
No known key found for this signature in database
GPG key ID: 0579CB2928A78A00
1 changed files with 25 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
README.md
View file

@ -74,16 +74,34 @@ sudo ufw default allow incoming
sudo ufw default allow outgoing sudo ufw default allow outgoing
sudo ufw default allow routed sudo ufw default allow routed
ips="88.198.58.177 2a01:4f8:222:507::2" # host specific interface=enp5s0
for host_ip in $ips ; do function internode() {
sudo ufw allow to $host_ip port 22 proto tcp for from in $@ ; do
sudo ufw deny to $host_ip for to in $@ ; do
if test $from != $to ; then
sudo ufw allow in on $interface from $from to $to
fi
done
done
}
ipv4="65.108.204.171 88.198.58.177"
internode $ipv4
ipv6="2a01:4f9:1a:a082::2 2a01:4f8:222:507::2"
internode $ipv6
for host_ip in $ipv4 $ipv6 ; do
sudo ufw allow in on $interface to $host_ip port 22 proto tcp
sudo ufw deny in on $interface log-all to $host_ip
done done
for public_ip in 188.40.16.47 2a01:4f8:fff2:48::2 ; do failover="188.40.16.47 2a01:4f8:fff2:48::2"
sudo ufw allow to $public_ip port 22,80,443,2000:3000 proto tcp
sudo ufw deny to $public_ip for public_ip in $failover ; do
sudo ufw allow in on $interface to $public_ip port 22,80,443,2000:3000 proto tcp
sudo ufw deny in on $interface log-all to $public_ip
done done
``` ```