nixos/ITD/Firewall_Rules.csv
esy afa3515cd8 fix: not showing in preview
single quotes work, double doesn't for some reason
2024-08-16 18:57:47 +00:00


Rule,Action,Ticket,Status,Source_IP,Source_Server,Destination_IP,Destination_Server,Port_TCP,Port_UDP,Notes
SKYNET_FIREWALL_00000,Add,,Complete,VPN,-,93.1.99.71 - 193.1.99.126,All,22,-,sftp/ssh required from vpn to servers for admins
SKYNET_FIREWALL_00001,Add,,Complete,All,-,193.1.99.109,SKYNET00004,-,53,Nameserver for skynet.ie
SKYNET_FIREWALL_00002,Add,,Complete,All,-,193.1.99.111,SKYNET00005,"80, 443, 8000",-,"ULFM, http(s) for internet streaming, 8000 for connecting to the server."
SKYNET_FIREWALL_00003,Add,,Complete,All,-,193.1.99.112,SKYNET00006,"80, 443, 25565",-,"Games host, Minecraft uses 25565 (will have more ports in the future)"
SKYNET_FIREWALL_00004,Add,,Complete,All,-,193.1.99.120,SKYNET00002,-,53,Nameserver for skynet.ie
SKYNET_FIREWALL_00005,Add,i23-01-19_681,Complete,193.1.99.72,SKYNET00001,All,-,-,-,Allow outbound access
SKYNET_FIREWALL_00006,Add,i23-01-19_681,Complete,193.1.99.75,SKYNET00008,All,-,-,-,Allow outbound access
SKYNET_FIREWALL_00007,Add,i23-01-19_681,Complete,193.1.99.109,SKYNET00004,All,-,-,-,Allow outbound access
SKYNET_FIREWALL_00008,Add,i23-01-19_681,Complete,193.1.99.111,SKYNET00005,All,-,-,-,Allow outbound access
SKYNET_FIREWALL_00009,Add,i23-01-19_681,Complete,193.1.99.112,SKYNET00006,All,-,-,-,Allow outbound access
SKYNET_FIREWALL_00010,Add,i23-01-19_681,Complete,193.1.99.120,SKYNET00002,All,-,-,-,Allow outbound access
SKYNET_FIREWALL_00011,Add,i23-05-18_249,Complete,All,-,193.1.99.75,SKYNET00008,"80, 443",-,For gitlab Access
SKYNET_FIREWALL_00012,Add,i23-05-18_249,Complete,193.1.99.72 - 193.1.99.126,-,All,-,-,-,"I would also like to extend the outbound access to cover our entire range (193.1.99.72 to 193.1.99.126) to allow for setup for more servers on those IPs (need to download updates and packages). I have a few servers I plan to setup over the next two weeks, one after another as the later ones depend on earlier ones. In such a case asking for permission for each individual IP would induce several tickets and a few weeks of paperwork going through change control. Only a few of these services will need inbound ports opened on ITD's firewall, which can be requested when the systems are up, running and secured."
SKYNET_FIREWALL_00013,Add,i23-05-18_249,Complete,All,-,193.1.99.76,SKYNET00009,"143, 993, 587, 465",-,Email Server
SKYNET_FIREWALL_00014,Add,i23-06-19_525,Complete,All,-,193.1.99.76,SKYNET00009,"80, 443, 25",-,"Mailserver here, SPF, DKIM and DMARC are all set up"
SKYNET_FIREWALL_00015,Add,i23-06-19_525,Complete,All,-,193.1.99.79,SKYNET00011,"80, 443",-,Main Skynet webserver
SKYNET_FIREWALL_00016,Add,i23-06-30_024,Complete,All,-,193.1.96.165,SKYNET00012,22,-,Skynet user's server. Outlet is 131 or 132
SKYNET_FIREWALL_00017,Add,i23-06-30_024,Complete,193.1.96.165,SKYNET00012,193.1.99.120,SKYNET00002,-,53,Allow Skynet server to use our own internal DNS
SKYNET_FIREWALL_00018,Add,i23-06-30_024,Complete,193.1.96.165,SKYNET00012,193.1.99.74,SKYNET00007,389/636,-,Allow Skynet server to access LDAP
,Add,i23-07-28_010,Denied,All,-,193.1.99.74,SKYNET00007,"80, 443",-,Self Service site for Skynet accounts. Only 443 on account modification pages
SKYNET_FIREWALL_00019,Add,i23-07-28_010,Complete,All,-,193.1.99.74,SKYNET00007,443,-,Self Service site for Skynet accounts
SKYNET_FIREWALL_00020,Add,i23-09-05_639,Complete,All,-,193.1.96.165,SKYNET00012,"80, 443",-,Web hosting for user sites
SKYNET_FIREWALL_00021,Add,i23-10-27_014,Complete,All,-,193.1.99.77,SKYNET00014,"80, 443",-,"Nextcloud, selfhosted google services, filestorage and documents"
SKYNET_FIREWALL_00022,Add,i24-02-01_102,Complete,193.1.96.165,SKYNET00012,103.1.99.109,SKYNET00004,-,53,Give the Skynet server access to our secondary DNS
SKYNET_FIREWALL_00023,Add,i24-02-01_102,Complete,193.1.99.78,SKYNET00010,193.1.96.165,SKYNET00012,22,-,Allow our gitlab runner to access and deploy to the external server
SKYNET_FIREWALL_00024,Add,i24-02-16_065,Complete,All,-,193.1.99.90,SKYNET00016,"80, 443",-,Games Server Administrative panel
SKYNET_FIREWALL_00025,Add,i24-02-16_065,Complete,All,-,193.1.99.91,SKYNET00017,25518-25525,"19132, 24418-24425",Minecraft Games server
SKYNET_FIREWALL_00026,Add,i24-06-04_017,Complete,All,-,193.1.99.76,SKYNET00009,4190,-,Email sieve to allow members to add email filters to their skynet mail.
SKYNET_FIREWALL_00027,Add,i24-06-04_017,Complete,All,-,193.1.99.82,SKYNET00018,80/443,-,"Public services such as a binary cache, open governance and keyserver"
,Add,i24-06-04_017,Denied,All,-,193.1.99.90,SKYNET00016,8080,-,Websocket for admin panel on games management server. Denied because more information on what it was for was requested
,Add,i24-06-04_017,Denied,193.1.99.74,SKYNET00007,193.1.96.165,SKYNET00012,9000-9020,-,"Metrics collection, not done because not enough info provided"
SKYNET_FIREWALL_00028,Remove,i24-06-04_017,Complete,-,-,193.1.99.112,SKYNET00019,25565,-,No longer the minecraft game host
SKYNET_FIREWALL_00029,Add,i24-06-04_017,Complete,All,-,193.1.99.90,SKYNET00016,8080,-,Websocket for admin panel on games management server
SKYNET_FIREWALL_00030,Add,i24-06-04_017,Complete,193.1.99.83,SKYNET00020,193.1.96.165,SKYNET00012,9000-9010,-,Metrics Collection
SKYNET_FIREWALL_00031,Add,i24-06-04_017,Complete,All,-,193.1.99.83,SKYNET00020,"80, 443",-,Web interface for Metrics server
SKYNET_FIREWALL_00032,Remove,i24-06-04_017,Complete,All,-,193.1.99.90,SKYNET00016,8080,-,Had incorrectly opened 8080 on the main panel
SKYNET_FIREWALL_00033,Add,i24-06-04_017,Complete,All,-,193.1.99.91,SKYNET00017,8080,-,Websocket for admin panel on games management server
,Add,i24-07-15_112,Denied,193.1.99.75,-,-,-,22,-,"Response from ITD - 'Our IT Security team have advised that port 22 and port 2222 are only to be allowed through the VPN and will not be opened to allow inbound ssh connections directly from the internet'"