| author | cassio <cassiopc@gmail.com> | 2015-09-10 11:36:10 +0000 |
|---|---|---|
| committer | cassio <cassiopc@gmail.com> | 2015-09-10 11:36:10 +0000 |
| commit | 40ed6646e902830881fe2c530ce110d73f5a5a0b (patch) | |
| tree | ea3a9a0b4a512d05f5e7632c5e734759a6f1f77c /tools | |
| parent | eab4a88d06b8b845a8983af59da71457aa9f3dd6 (diff) | |
updated firewall rules
Diffstat (limited to 'tools')
| -rw-r--r-- | tools/etc/network/if-up.d/boca | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/tools/etc/network/if-up.d/boca b/tools/etc/network/if-up.d/boca
index 0f31ee0..20ff38f 100644
--- a/tools/etc/network/if-up.d/boca
+++ b/tools/etc/network/if-up.d/boca
@@ -6,9 +6,22 @@ fi
 /sbin/iptables -F INPUT
 /sbin/iptables -A INPUT -i lo -j ACCEPT
 /sbin/iptables -A INPUT -s 143.107.255.15 -j ACCEPT
+
+# just to make things easier, let's allow communication to/from BOCA servers
+/sbin/iptables -A INPUT -s 45.33.30.235 -j ACCEPT
+/sbin/iptables -A INPUT -s 50.116.19.221 -j ACCEPT
+
 if [ "$BOCASERVER" != "" ]; then
 /sbin/iptables -A INPUT -s $BOCASERVER -j ACCEPT
 fi
+if [ "$BOCASERVERS" != "" ]; then
+ for i in `echo $BOCASERVERS | tr ';' ' '`; do
+ /sbin/iptables -A INPUT -s $i -j ACCEPT
+ done
+fi
+/sbin/iptables -A INPUT -m udp -p udp -s 0/0 --sport 67:68 --dport 67:68 -j ACCEPT
+/sbin/iptables -A INPUT -m udp -p udp -s 0/0 --sport 53 --dport 53 -j ACCEPT
+/sbin/iptables -A INPUT -m tcp -p tcp -s 0/0 --sport 53 --dport 53 -j ACCEPT
 /sbin/iptables -A INPUT -j REJECT
 else
 if [ -x /etc/icpc/bocaserver.iptables ]; then |
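Review bot: The two port-53 rules near the end of the hunk match on `--sport 53 --dport 53` from `0/0`, and a source port is chosen by the sender, so they expose local port 53 to any host while not matching replies to ordinary lookups, which return to an ephemeral port. If the intent is to let DNS answers back in before the final REJECT, a stateful rule is narrower: `/sbin/iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT`. Separately, the new loop expands `$BOCASERVERS` and `$i` unquoted, so a malformed entry is word-split or glob-expanded into the iptables command line; `/sbin/iptables -A INPUT -s "$i" -j ACCEPT` keeps each entry a single argument. The two hard-coded addresses are accepted on every port and protocol, which deserves a comment recording who operates them and why no port restriction applies. The enclosing if/else starts and ends outside the hunk.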