diff --git a/firewall.conf b/firewall.conf
index b96d013885..8a0170aab0 100755
--- a/firewall.conf
+++ b/firewall.conf
@@ -13,28 +13,29 @@ if [ $? -ne 0 ]; then
 iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 fi
 
-# Allow all loopback traffic
+# Allow all loopback traffic.
 iptables -I INPUT 1 -i lo -j ACCEPT
 
-# Allow all SSH traffic
+# Allow all SSH traffic.
 iptables -A INPUT -p tcp --dport ssh -j ACCEPT
 
-# Allow for all traffic from anywhere for the following services
+# Allow for all traffic from anywhere for the following services.
 iptables -A INPUT -p tcp --dport 80 -j ACCEPT # nginx
 iptables -A INPUT -p tcp --dport 443 -j ACCEPT # nginx (SSL)
-iptables -A INPUT -p tcp --dport 2812 -j ACCEPT # monit dashboard
 iptables -A INPUT -p tcp --dport 5222 -j ACCEPT # ejabberd
-iptables -A INPUT -p tcp --dport 5555 -j ACCEPT # Celery Flower
-
-# Uncomment the following line to enable TaskQueue REST API access.
-#iptables -A INPUT -p tcp --dport 8199 -j ACCEPT # TaskQueue REST API Endpoint
-
 iptables -A INPUT -p tcp --dport 8080:8099 -j ACCEPT # nginx -> Google App Engine
-#iptables -A INPUT -p tcp --dport 8100:8119 -j ACCEPT # Uncomment these ports to enable datastore viewer
 iptables -A INPUT -p tcp --dport 4380:4400 -j ACCEPT # nginx -> Google App Engine (SSL)
 iptables -A INPUT -p tcp --dport 17443 -j ACCEPT # AppController
 iptables -A INPUT -p tcp --dport 17441 -j ACCEPT # AdminServer
 
+# The following line enables debugging tools, viewers for queues and
+# datastore.
+#iptables -A INPUT -p tcp --dport 5555 -j ACCEPT # Celery Flower
+#iptables -A INPUT -p tcp --dport 8100:8119 -j ACCEPT # datastore viewer
+
+# Uncomment the following line to enable TaskQueue REST API access.
+#iptables -A INPUT -p tcp --dport 8199 -j ACCEPT # TaskQueue REST API Endpoint
+
 # Dashboard
 # Note: If you are using Shibboleth for authentication, uncomment and edit the
 # following two lines to restrict access to the dashboard.
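Review bot: The new comment above the Celery Flower and datastore viewer rules says "The following line enables debugging tools", but there are two rules and both are commented out, so nothing is enabled as written. It would read better as `# Uncomment the following lines to enable the debugging tools (queue and datastore viewers).`, matching the TaskQueue wording just below. These rules carry no source restriction, so uncommenting them opens ports 5555 and 8100:8119 to every address; the comment should say so and show a restricted form such as `#iptables -A INPUT -p tcp -s <trusted-cidr> --dport 5555 -j ACCEPT`. Whether the removed monit port 2812 is actually blocked now depends on the chain's default policy or a final DROP rule, which is outside this hunk.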