Created
December 7, 2012 13:07
-
-
Save abulte/4233177 to your computer and use it in GitHub Desktop.
RethinkDB IP whitelist on service ports
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [[ $EUID -ne 0 ]]; then | |
| echo "This script must be run as root" 1>&2 | |
| exit 1 | |
| fi | |
| # set default policies to allow everything | |
| # this should be DROP by default but out of scope... | |
| iptables -P INPUT ACCEPT | |
| iptables -P OUTPUT ACCEPT | |
| iptables -P FORWARD ACCEPT | |
| # flush / clean | |
| iptables -F | |
| iptables -X | |
| iptables -Z | |
| # allowed IPs | |
| IPS=( '127.0.0.1' '10.20.30.40' ) | |
| # Rethink ports | |
| PORTS=( 28015 29015 ) | |
| NPORTS=${#PORTS[@]} | |
| NIPS=${#IPS[@]} | |
| for (( j=0;j<$NPORTS;j++)); do | |
| for (( i=0;i<$NIPS;i++)); do | |
| iptables -A INPUT -s ${IPS[${i}]} -t filter -p tcp --dport ${PORTS[${j}]} -j ACCEPT | |
| done | |
| iptables -A INPUT -t filter -p tcp --dport ${PORTS[${j}]} -j DROP | |
| done | |
| # restart fail2ban to reapply iptables rules | |
| service fail2ban restart |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment