Last active
March 5, 2016 15:38
Revisions
lessless revised this gist
Mar 5, 2016 . 1 changed file with 21 additions and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,3 +1,7 @@ #!/usr/bin/env bash DB_MASTER=xxx DB_BACKUP=yyy # server iptables -A INPUT -p tcp -s $DB_BACKUP --sport 1024:65535 -d $DB_MASTER --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -p tcp -s $DB_MASTER --sport 5432 -d $DB_BACKUP --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT @@ -6,4 +10,20 @@ iptables -A OUTPUT -p tcp -s $DB_MASTER --sport 5432 -d $DB_BACKUP --dport 1024: iptables -A OUTPUT -p tcp -s $DB_MASTER --sport 1024:65535 -d 0/0 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A INPUT -p tcp -s 0/0 --sport 5432 -d $DB_MASTER --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT iptables -A INPUT -p tcp -s 0/0 --sport 0:65535 -d $DB_MASTER --dport 5432 -j TARPIT # SLAVE #!/usr/bin/env bash DB_MASTER=xxx DB_BACKUP=yyy # server iptables -A INPUT -p tcp -s $DB_MASTER --sport 1024:65535 -d $DB_BACKUP --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -p tcp -s $DB_BACKUP --sport 5432 -d $DB_MASTER --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT #client iptables -A OUTPUT -p tcp -s $DB_BACKUP --sport 1024:65535 -d 0/0 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A INPUT -p tcp -s 0/0 --sport 5432 -d $DB_BACKUP --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT iptables -A INPUT -p tcp -s 0/0 --sport 0:65535 -d $DB_BACKUP --dport 5432 -j REJECT -
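Review bot: The catch-all rule that closes the master block, `-j TARPIT`, relies on a target shipped by xtables-addons rather than stock iptables, and the script never checks exit status, so on a host without that extension the rule would fail to load and port 5432 would fall through to whatever the INPUT chain policy is. Adding `set -euo pipefail` under the shebang would make such a failure stop the script. The built-in `-j DROP` (or `-j REJECT --reject-with tcp-reset`, in line with the REJECT already used in the slave block) closes the port without the extra module. The second `#!/usr/bin/env bash` under `# SLAVE` is only a comment at that position, so running the file as a whole would append both rule sets on one host; two separate scripts would avoid that.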
lessless created this gist
Mar 5, 2016 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,9 @@ # server iptables -A INPUT -p tcp -s $DB_BACKUP --sport 1024:65535 -d $DB_MASTER --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -p tcp -s $DB_MASTER --sport 5432 -d $DB_BACKUP --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT #client iptables -A OUTPUT -p tcp -s $DB_MASTER --sport 1024:65535 -d 0/0 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A INPUT -p tcp -s 0/0 --sport 5432 -d $DB_MASTER --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT iptables -A INPUT -p tcp -s 0/0 -sport 1024:65535 -d $DB_MASTER --dport 5432 -j DENY
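Review bot: The last rule of this version cannot load as written, so the script only ever appends ACCEPT rules and port 5432 stays governed by the INPUT chain policy. `-sport` is not the `--sport` option, and `DENY` is an ipchains-era name that iptables accepts only if a user chain called DENY happens to exist. A working form would be `iptables -A INPUT -p tcp -d "$DB_MASTER" --dport 5432 -j DROP`. `$DB_MASTER` and `$DB_BACKUP` are also never assigned here, so unless the calling environment exports them the unquoted expansions leave every rule without its addresses; `: "${DB_MASTER:?must be set}"` and the same for `DB_BACKUP` at the top would fail early instead.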