| Rule | Action | Ticket | Status | Source_IP | Source_Server | Destination_IP | Destination_Server | Port_TCP | Port_UDP | Notes |
|---|---|---|---|---|---|---|---|---|---|---|
| SKYNET_FIREWALL_00000 | Add | | Complete | VPN | - | 93.1.99.71 - 193.1.99.126 | All | 22 | - | sftp/ssh required from vpn to servers for admins |
| SKYNET_FIREWALL_00001 | Add | | Complete | All | - | 193.1.99.109 | SKYNET00004 | - | 53 | Nameserver for skynet.ie |
| SKYNET_FIREWALL_00002 | Add | | Complete | All | - | 193.1.99.111 | SKYNET00005 | 80, 443, 8000 | - | ULFM, http(s) for internet streaming, 8000 for connecting to the server. |
| SKYNET_FIREWALL_00003 | Add | | Complete | All | - | 193.1.99.112 | SKYNET00006 | 80, 443, 25565 | - | Games host, Minecraft uses 25565 (will have more ports in the future) |
| SKYNET_FIREWALL_00004 | Add | | Complete | All | - | 193.1.99.120 | SKYNET00002 | - | 53 | Nameserver for skynet.ie |
| SKYNET_FIREWALL_00005 | Add | i23-01-19_681 | Complete | 193.1.99.72 | SKYNET00001 | All | - | - | - | Allow outbound access |
| SKYNET_FIREWALL_00006 | Add | i23-01-19_681 | Complete | 193.1.99.75 | SKYNET00008 | All | - | - | - | Allow outbound access |
| SKYNET_FIREWALL_00007 | Add | i23-01-19_681 | Complete | 193.1.99.109 | SKYNET00004 | All | - | - | - | Allow outbound access |
| SKYNET_FIREWALL_00008 | Add | i23-01-19_681 | Complete | 193.1.99.111 | SKYNET00005 | All | - | - | - | Allow outbound access |
| SKYNET_FIREWALL_00009 | Add | i23-01-19_681 | Complete | 193.1.99.112 | SKYNET00006 | All | - | - | - | Allow outbound access |
| SKYNET_FIREWALL_00010 | Add | i23-01-19_681 | Complete | 193.1.99.120 | SKYNET00002 | All | - | - | - | Allow outbound access |
| SKYNET_FIREWALL_00011 | Add | i23-05-18_249 | Complete | All | - | 193.1.99.75 | SKYNET00008 | 80, 443 | - | For gitlab Access |
| SKYNET_FIREWALL_00012 | Add | i23-05-18_249 | Complete | 193.1.99.72 - 193.1.99.126 | - | All | - | - | - | I would also like to extend the outbound access to cover our entire range (193.1.99.72 to 193.1.99.126) to allow for setup for more servers on those IPs (need to download updates and packages). I have a few servers I plan to set up over the next two weeks, one after another as the later ones depend on earlier ones. In such a case asking for permission for each individual IP would induce several tickets and a few weeks of paperwork going through change control. Only a few of these services will need inbound ports opened on ITD's firewall, which can be requested when the systems are up, running and secured. |
| SKYNET_FIREWALL_00013 | Add | i23-05-18_249 | Complete | All | - | 193.1.99.76 | SKYNET00009 | 143, 993, 587, 465 | - | Email Server |
| SKYNET_FIREWALL_00014 | Add | i23-06-19_525 | Complete | All | - | 193.1.99.76 | SKYNET00009 | 80, 443, 25 | - | Mailserver here, SPF, DKIM and DMARC are all set up |
| SKYNET_FIREWALL_00015 | Add | i23-06-19_525 | Complete | All | - | 193.1.99.79 | SKYNET00011 | 80, 443 | - | Main Skynet webserver |
| SKYNET_FIREWALL_00016 | Add | i23-06-30_024 | Complete | All | - | 193.1.96.165 | SKYNET00012 | 22 | - | Skynet user's server. Outlet is 131 or 132 |
| SKYNET_FIREWALL_00017 | Add | i23-06-30_024 | Complete | 193.1.96.165 | SKYNET00012 | 193.1.99.120 | SKYNET00002 | - | 53 | Allow Skynet server to use our own internal DNS |
| SKYNET_FIREWALL_00018 | Add | i23-06-30_024 | Complete | 193.1.96.165 | SKYNET00012 | 193.1.99.74 | SKYNET00007 | 389/636 | - | Allow Skynet server to access LDAP |
| | Add | i23-07-28_010 | Denied | All | - | 193.1.99.74 | SKYNET00007 | 80, 443 | - | Self Service site for Skynet accounts – Only 443 on account modification pages |
| SKYNET_FIREWALL_00019 | Add | i23-07-28_010 | Complete | All | - | 193.1.99.74 | SKYNET00007 | 443 | - | Self Service site for Skynet accounts |
| SKYNET_FIREWALL_00020 | Add | i23-09-05_639 | Complete | All | - | 193.1.96.165 | SKYNET00012 | 80, 443 | - | Web hosting for user sites |
| SKYNET_FIREWALL_00021 | Add | i23-10-27_014 | Complete | All | - | 193.1.99.77 | SKYNET00014 | 80, 443 | - | Nextcloud, selfhosted google services, filestorage and documents |
| SKYNET_FIREWALL_00022 | Add | i24-02-01_102 | Complete | 193.1.96.165 | SKYNET00012 | 103.1.99.109 | SKYNET00004 | - | 53 | Give the Skynet server access to our secondary DNS |
| SKYNET_FIREWALL_00023 | Add | i24-02-01_102 | Complete | 193.1.99.78 | SKYNET00010 | 193.1.96.165 | SKYNET00012 | 22 | - | Allow our gitlab runner to access and deploy to the external server |
| SKYNET_FIREWALL_00024 | Add | i24-02-16_065 | Complete | All | - | 193.1.99.90 | SKYNET00016 | 80, 443 | - | Games Server Administrative panel |
| SKYNET_FIREWALL_00025 | Add | i24-02-16_065 | Complete | All | - | 193.1.99.91 | SKYNET00017 | 25518-25525 | 19132, 24418-24425 | Minecraft Games server |
| SKYNET_FIREWALL_00026 | Add | i24-06-04_017 | Complete | All | - | 193.1.99.76 | SKYNET00009 | 4190 | - | Email sieve to allow members to add email filters to their skynet mail. |
| SKYNET_FIREWALL_00027 | Add | i24-06-04_017 | Complete | All | - | 193.1.99.82 | SKYNET00018 | 80/443 | - | Public services such as a binary cache, open governance and keyserver |
| | Add | i24-06-04_017 | Denied | All | - | 193.1.99.90 | SKYNET00016 | 8080 | - | Websocket for admin panel on games management server. Denied because more information on what it was for was requested |
| | Add | i24-06-04_017 | Denied | 193.1.99.74 | SKYNET00007 | 193.1.96.165 | SKYNET00012 | 9000-9020 | - | Metrics collection, not done because not enough info provided |
| SKYNET_FIREWALL_00028 | Remove | i24-06-04_017 | Complete | - | - | 193.1.99.112 | SKYNET00019 | 25565 | - | No longer the minecraft game host |
| | Add | i24-06-04_017 | Pending | All | - | 193.1.99.90 | SKYNET00016 | 8080 | - | Websocket for admin panel on games management server |
| | Add | i24-06-04_017 | Pending | 193.1.99.83 | SKYNET00020 | 193.1.96.165 | SKYNET00012 | 9000-9010 | - | Metrics Collection |
| | Add | i24-06-04_017 | Pending | All | - | 193.1.99.83 | SKYNET00020 | 80, 443 | - | Web interface for Metrics server |