From 62c95175ccd7828cd24a19685214be549c3c56ef Mon Sep 17 00:00:00 2001
From: Sebastian Kippe
Date: Tue, 18 Jan 2022 11:23:57 -0600
Subject: [PATCH] Only allow ZeroTier connections for ejabberd cluster

---
 .../kosmos-ejabberd/recipes/firewall.rb | 24 ++-----------------
 1 file changed, 2 insertions(+), 22 deletions(-)

diff --git a/site-cookbooks/kosmos-ejabberd/recipes/firewall.rb b/site-cookbooks/kosmos-ejabberd/recipes/firewall.rb
index 5d2ac3a..968da9b 100644
--- a/site-cookbooks/kosmos-ejabberd/recipes/firewall.rb
+++ b/site-cookbooks/kosmos-ejabberd/recipes/firewall.rb
@@ -2,28 +2,6 @@
 # Cookbook:: kosmos-ejabberd
 # Recipe:: firewall
 #
-# The MIT License (MIT)
-#
-# Copyright:: 2020, Kosmos Developers
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to deal
-# in the Software without restriction, including without limitation the rights
-# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-# copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in
-# all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-# THE SOFTWARE.
-
 include_recipe "kosmos-base::firewall"
 
 firewall_rule "ejabberd" do
@@ -34,12 +12,14 @@ end
 
 firewall_rule 'ejabberd_cluster' do
 port [4369]
+ source "10.1.1.0/24"
 protocol :tcp
 command :allow
 end
 
 firewall_rule 'erlang_cluster' do
 port [4200..4210]
+ source "10.1.1.0/24"
 protocol :tcp
 command :allow
 end
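Review bot: The subnet `10.1.1.0/24` is hard-coded separately in `ejabberd_cluster` and `erlang_cluster`, and nothing in the recipe says it is the ZeroTier network the commit title refers to, so a later change to the overlay range can leave one rule stale or allowing the wrong range. Define it once above the two rules, e.g. `cluster_source = "10.1.1.0/24" # ZeroTier overlay network`, and use `source cluster_source` in each. Both rules match on source address only; if the firewall cookbook in use supports it, also setting `interface` to the ZeroTier device would keep that range from being accepted on the public interface. The allow rules limit who can reach ports 4369 and 4200-4210 but add no authentication, so every host on the overlay network stays trusted at the network layer and the Erlang cookie should still be treated as a secret.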