From ec21fbd25ad570cc514aa83a362e015edb68e4a5 Mon Sep 17 00:00:00 2001
From: Florent Gluck <florent.gluck@hesge.ch>
Date: Thu, 3 Oct 2024 14:10:18 +0200
Subject: [PATCH] Added ufw script to define default firewall rules on a nexus
 server system

---
 tools/firewall | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 tools/firewall

diff --git a/tools/firewall b/tools/firewall
new file mode 100644
index 00000000..f37d2772
--- /dev/null
+++ b/tools/firewall
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# DSI tools
+ufw allow from 195.176.241.240/29 to any port 9100 proto tcp
+ufw allow from 195.176.241.240/29 to any port 9877 proto tcp
+
+# Spice ports for running VMs
+ufw allow from any to any port 42000:48000 proto udp
+ufw allow from any to any port 42000:48000 proto tcp
+
+# nexus API
+ufw allow from any to any port 1077 proto tcp
+
+# ssh
+ufw allow from any to any port 22 proto tcp
+
+ufw enable
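Review bot: The script never sets the incoming default policy, so these allow rules only restrict traffic if the host's ufw default is already deny; adding `ufw default deny incoming` before the first `ufw allow` would make that explicit and repeatable. There is also no `set -e` after the shebang, so if the ssh rule on port 22 fails to apply, `ufw enable` still runs and can cut off remote administration. The ssh rule and the 42000:48000 Spice range are open `from any`, and the range is opened for both udp and tcp. If administration comes from a known network, ssh could be scoped to a source prefix as the DSI rules are, and the udp rule is worth confirming as needed. The file is created with mode 100644 although it has a shebang, so it is presumably meant to be run as `bash tools/firewall` or needs the executable bit.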
-- 
GitLab