Commit bb3eec4c authored by Mike Hibler's avatar Mike Hibler

New firewall style, 'emulab', for elab in elab experiments

parent 9adc56c0
......@@ -40,6 +40,7 @@ sitevars:
@mysqldump -t tbdb sitevariables > sitevars-create.sql
fwrules:
@mysqldump -t tbdb default_firewall_rules > fwrules-create.sql
@echo "DELETE FROM default_firewall_rules;" > fwrules-create.sql
@mysqldump -t tbdb default_firewall_rules >> fwrules-create.sql
dist: db-fill-dist
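Review bot: The generated fwrules-create.sql now empties default_firewall_rules and then refills it one INSERT at a time, with nothing holding the table between the two steps. A load that stops part-way, or a reader that runs during the load, would see a partial rule set, possibly without the final deny rule. Consider having the `fwrules` target emit a lock around the whole reload: `@echo "LOCK TABLES default_firewall_rules WRITE; DELETE FROM default_firewall_rules;" > fwrules-create.sql` first, and `@echo "UNLOCK TABLES;" >> fwrules-create.sql` after the mysqldump line. Whether anything reads the table while it is being reloaded is not visible here, so that part needs confirming. A short comment above the target, saying that loading the file replaces every existing default rule including local edits, would also help.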
......@@ -57,7 +57,7 @@ CREATE TABLE current_reloads (
CREATE TABLE default_firewall_rules (
type enum('ipfw','ipfw2','ipchains','ipfw2-vlan') NOT NULL default 'ipfw',
style enum('open','closed','basic') NOT NULL default 'basic',
style enum('open','closed','basic','emulab') NOT NULL default 'basic',
enabled tinyint(4) NOT NULL default '0',
ruleno int(10) unsigned NOT NULL default '0',
rule text NOT NULL,
......@@ -414,7 +414,7 @@ CREATE TABLE firewalls (
eid varchar(32) NOT NULL default '',
fwname varchar(32) NOT NULL default '',
type enum('ipfw','ipfw2','ipchains','ipfw2-vlan') NOT NULL default 'ipfw',
style enum('open','closed','basic') NOT NULL default 'basic',
style enum('open','closed','basic','emulab') NOT NULL default 'basic',
vlan int(11) default NULL,
vlanid int(11) default NULL,
PRIMARY KEY (pid,eid,fwname),
......
......@@ -2172,3 +2172,13 @@ last_net_act,last_cpu_act,last_ext_act);
alter table node_types add (isrebootable tinyint(1) default '1');
1.288: Add "emulab" style of firewall for elabinelab
ALTER table firewalls MODIFY style \
enum('open','closed','basic','emulab') not NULL default 'basic';
ALTER table default_firewall_rules MODIFY style \
enum('open','closed','basic','emulab') not NULL default 'basic';
and update the default rules:
mysql tbdb < fwrules-create.sql
DELETE FROM default_firewall_rules;
-- MySQL dump 8.23
--
-- Host: localhost Database: tbdb
......@@ -55,7 +56,6 @@ INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','closed',1,55110,'check-
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','closed',1,55120,'allow tcp from any to any established');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','closed',1,55001,'deny all from any to me via vlan0');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','closed',1,55000,'allow all from me to me');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','closed',1,65534,'deny all from any to any');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','basic',1,55321,'allow udp from any not 0-700 to fs keep-state');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','basic',1,55320,'allow ip from any to fs 111 keep-state');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','basic',1,55312,'allow udp from any not 0-1023 to 155.98.32.0/23 not 0-1023');
......@@ -74,6 +74,7 @@ INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','basic',1,55130,'allow a
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','basic',1,55120,'allow tcp from any to any established');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','basic',1,55110,'check-state');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','basic',1,55100,'allow mac-type arp');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','closed',1,65534,'deny all from any to any');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','basic',1,55001,'deny all from any to me via vlan0');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','basic',1,55000,'allow all from me to me');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','basic',1,55322,'allow udp from any to fs 900 keep-state');
......@@ -85,4 +86,35 @@ INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','basic',1,55402,'allow i
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','basic',1,55200,'allow tcp from any to any 22 setup');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','basic',1,55500,'allow icmp from any to any');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','basic',1,65534,'deny all from any to any');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55000,'allow all from me to me');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55001,'deny all from any to me via vlan0');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55100,'allow mac-type arp');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55110,'check-state');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55120,'allow tcp from any to any established');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55130,'allow all from any to any frag');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55201,'allow tcp from any to any 80,443 setup keep-state');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55210,'allow udp from any to boss 53 keep-state');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55220,'allow ip from any to boss 123 keep-state');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55230,'allow ip from any to ops 514 keep-state');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55240,'allow udp from fs 2049 to any');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55241,'allow udp from any to fs 2049');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55250,'allow ip from any to boss 5999 keep-state');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55260,'allow ip from any to ops 2917 keep-state');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55300,'allow udp from any 67 to any');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55301,'allow udp from any to any 67');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55310,'allow udp from 155.98.32.0/23 not 0-1023 to any');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55311,'allow udp from any to 155.98.32.0/23 69');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55312,'allow udp from any not 0-1023 to 155.98.32.0/23 not 0-1023');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55320,'allow ip from any to fs 111 keep-state');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55321,'allow udp from any not 0-700 to fs keep-state');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55322,'allow udp from any to fs 900 keep-state');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55330,'allow udp from any to boss 6969 keep-state');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55340,'allow ip from any to boss 7777 keep-state');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55400,'allow udp from any to 234.5.6.0/24');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55401,'allow udp from boss 3564-3820 to any 3564-3820');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55402,'allow igmp from any to any');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55200,'allow tcp from any to any 22 setup');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55500,'allow icmp from any to any');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,65534,'deny all from any to any');
INSERT INTO default_firewall_rules VALUES ('ipfw2-vlan','emulab',1,55202,'allow tcp from any to any 3069 setup keep-state');
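Review bot: Three of the new 'emulab' rows allow traffic on source port or source network alone, with no state: 55300 `allow udp from any 67 to any`, 55240 `allow udp from fs 2049 to any`, and 55310 `allow udp from 155.98.32.0/23 not 0-1023 to any`. A source port is chosen by the sender, so 55300 in particular passes any UDP datagram that claims port 67, whatever its destination port. If the intent is DHCP and NFS replies, narrower forms would be `allow udp from any 67 to any 68` (55301 already covers destination port 67) and dropping 55240 in favour of `allow udp from any to fs 2049 keep-state` on 55241. The same pattern may exist in the 'basic' rows, which this hunk does not show in full. The hard-coded 155.98.32.0/23 also looks site-specific for a table of defaults, so it probably deserves a note in the migration text or a site variable.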