From 297ca92860f7e2041e93a33f514d28dfbab568ca Mon Sep 17 00:00:00 2001
From: Joseph Hanson
Date: Mon, 8 May 2023 05:52:02 -0500
Subject: [PATCH] Removed 80/443 port forwards.
---
 config-parts/firewall-name.sh | 7 +------
 config-parts/firewall.sh | 15 ---------------
 config-parts/nat.sh | 15 ---------------
 3 files changed, 1 insertion(+), 36 deletions(-)
diff --git a/config-parts/firewall-name.sh b/config-parts/firewall-name.sh
index e7897b8..37b6a96 100644
--- a/config-parts/firewall-name.sh
+++ b/config-parts/firewall-name.sh
@@ -693,12 +693,7 @@ set firewall name wan-local rule 1 protocol 'udp'
 set firewall name wan-servers default-action 'drop'
 set firewall name wan-servers description 'From WAN to SERVERS'
 set firewall name wan-servers enable-default-log
-set firewall name wan-servers rule 1 action 'accept'
-set firewall name wan-servers rule 1 description 'Rule: accept_ingress_from_cloudflare'
-set firewall name wan-servers rule 1 destination group address-group 'k8s_ingress'
-set firewall name wan-servers rule 1 destination port 'http,https'
-set firewall name wan-servers rule 1 protocol 'tcp'
-set firewall name wan-servers rule 1 source group network-group 'cloudflare-ipv4'
+
 ## Plex
 set firewall name wan-servers rule 10 action 'accept'
 set firewall name wan-servers rule 10 destination port 32400
diff --git a/config-parts/firewall.sh b/config-parts/firewall.sh
index 3627672..160f1d8 100644
--- a/config-parts/firewall.sh
+++ b/config-parts/firewall.sh
@@ -122,21 +122,6 @@ set firewall group address-group wall_displays address '10.1.3.53' set firewall group address-group wall_displays address '10.1.3.54' # Network groups -set firewall group network-group cloudflare-ipv4 network '173.245.48.0/20' -set firewall group network-group cloudflare-ipv4 network '103.21.244.0/22' -set firewall group network-group cloudflare-ipv4 network '103.22.200.0/22' -set firewall group network-group cloudflare-ipv4 network '103.31.4.0/22' -set firewall group network-group cloudflare-ipv4 network '141.101.64.0/18' -set firewall group network-group cloudflare-ipv4 network '108.162.192.0/18' -set firewall group network-group cloudflare-ipv4 network '190.93.240.0/20' -set firewall group network-group cloudflare-ipv4 network '188.114.96.0/20' -set firewall group network-group cloudflare-ipv4 network '197.234.240.0/22' -set firewall group network-group cloudflare-ipv4 network '198.41.128.0/17' -set firewall group network-group cloudflare-ipv4 network '162.158.0.0/15' -set firewall group network-group cloudflare-ipv4 network '104.16.0.0/13' -set firewall group network-group cloudflare-ipv4 network '104.24.0.0/14' -set firewall group network-group cloudflare-ipv4 network '172.64.0.0/13' -set firewall group network-group cloudflare-ipv4 network '131.0.72.0/22' set firewall group network-group k8s_services network '10.45.0.0/16' diff --git a/config-parts/nat.sh b/config-parts/nat.sh index 28046a7..eff4bfd 100644 --- a/config-parts/nat.sh +++ b/config-parts/nat.sh 
@@ -1,20 +1,5 @@
 #!/bin/vbash
 
-# Forward HTTP(S) to ingress
-set nat destination rule 100 description 'HTTPS'
-set nat destination rule 100 destination port '443'
-set nat destination rule 100 inbound-interface 'eth0'
-set nat destination rule 100 protocol 'tcp'
-set nat destination rule 100 translation address '10.45.0.1'
-set nat destination rule 100 translation port '443'
-
-set nat destination rule 101 description 'HTTP'
-set nat destination rule 101 destination port '80'
-set nat destination rule 101 inbound-interface 'eth0'
-set nat destination rule 101 protocol 'tcp'
-set nat destination rule 101 translation address '10.45.0.1'
-set nat destination rule 101 translation port '80'
-
 # Forward Plex to Sting
 set nat destination rule 110 description 'PLEX'
 set nat destination rule 110 destination port '32400'