forked from medined/accumulo_stackscript
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathiptables.firewall.rules
58 lines (40 loc) · 1.46 KB
/
iptables.firewall.rules
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
*filter
# Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT
# Accept all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow all outbound traffic - you can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT
# Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
# Zookeeper
-A INPUT -p tcp --dport 2181 -j ACCEPT
# Accumulo TSERVER
-A INPUT -p tcp --dport 9997 -j ACCEPT
# Accumulo TRACE
-A INPUT -p tcp --dport 12234 -j ACCEPT
# Hadoop Job Tracker
-A INPUT -p tcp --dport 50030 -j ACCEPT
# Hadoop Name Node
-A INPUT -p tcp --dport 50070 -j ACCEPT
# Hadoop Secondary Name Node. No reason to expose this.
#-A INPUT -p tcp --dport 50090 -j ACCEPT
# Accumulo GC
-A INPUT -p tcp --dport 50091 -j ACCEPT
# Accumulo
-A INPUT -p tcp --dport 50095 -j ACCEPT
# Allow SSH connections
#
# The -dport number should be the same port number you set in sshd_config
#
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
# Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
# Reject all other inbound - default deny unless explicitly allowed policy
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT