Iptables unblacklist

http://www.yougetsignal.com/tools/open-ports/

I have used this tool to check a couple of ports I use in a side Node.js app, but the ferm.j2 rules blacklisted them and now all connections to these ports are refused.

The default open ports are here: https://github.com/roots/trellis/blob/master/group_vars/all/security.yml

You can add to this list to open up additional ones.

See the README at https://github.com/roots/trellis/tree/master/roles/ferm for documentation details.

So we can’t do this anymore in ferm.conf.j2?

proto tcp dport (3333) ACCEPT;
proto udp dport (3333) ACCEPT;
proto tcp dport (3444) ACCEPT;
proto udp dport (3444) ACCEPT;
proto tcp dport (7771) ACCEPT;
proto udp dport (7771) ACCEPT;
proto tcp dport (7772) ACCEPT;
proto udp dport (7772) ACCEPT;

Well, you should customize via ferm_input_list:

ferm_input_list:
  - type: dport_accept
    dport: [http, https]
    filename: nginx_accept
  - type: dport_accept
    dport: [ssh]
    saddr: "{{ ip_whitelist }}"
  - type: dport_limit
    dport: [ssh]
    seconds: 300
    hits: 20
  - type: dport_accept
    dport: [3333, 3444, 7771, 7772]
    protocol: tcp
  - type: dport_accept
    dport: [3333, 3444, 7771, 7772]
    protocol: udp
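To make the mapping between the two forms in this thread concrete, here is an added example (not code from the Trellis ferm role or from either poster) that expands ferm_input_list entries into rule lines of the shape the original poster had in ferm.conf.j2, and then checks that every (protocol, port) the app needs is actually opened by some dport_accept entry. The rule shape, the tcp default for a missing protocol, the skipping of dport_limit entries, the sample list and the 203.0.113.10 address standing in for ip_whitelist are all assumptions of this example; the role's own templates are the authority on what it really renders.

```python
"""Expand Trellis-style ferm_input_list entries into ferm rules and check coverage.

Added example for this thread; it is not the Trellis ferm role's code. The rule
shapes below are assumptions modelled on the rules quoted in the thread: a
missing ``protocol`` is treated as tcp, and ``dport_limit`` entries are skipped
because they rate-limit rather than accept.
"""
from typing import Dict, Iterable, List, Sequence, Tuple

Port = Tuple[str, str]  # (protocol, port-or-service), e.g. ("tcp", "3333")

# Constructed sample mirroring the ferm_input_list in the reply above.
# "203.0.113.10" (a documentation address) stands in for the ip_whitelist variable.
FERM_INPUT_LIST: List[Dict] = [
    {"type": "dport_accept", "dport": ["http", "https"], "filename": "nginx_accept"},
    {"type": "dport_accept", "dport": ["ssh"], "saddr": ["203.0.113.10"]},
    {"type": "dport_limit", "dport": ["ssh"], "seconds": 300, "hits": 20},
    {"type": "dport_accept", "dport": [3333, 3444, 7771, 7772], "protocol": "tcp"},
    {"type": "dport_accept", "dport": [3333, 3444, 7771, 7772], "protocol": "udp"},
]

# The ports the original poster needs open for the side Node.js app, on both protocols.
APP_PORTS: List[Port] = [(proto, str(p)) for proto in ("tcp", "udp")
                         for p in (3333, 3444, 7771, 7772)]


def render_dport_accept(entry: Dict) -> str:
    """Render one dport_accept entry as a single ferm rule line.

    Assumed shape: optional ``saddr (...)`` prefix, then
    ``proto <protocol> dport (<ports>) ACCEPT;`` as in the thread's ferm.conf.j2.
    """
    if entry.get("type") != "dport_accept":
        raise ValueError(f"not a dport_accept entry: {entry!r}")
    proto = entry.get("protocol", "tcp")  # assumption: tcp when unspecified
    ports = " ".join(str(p) for p in entry["dport"])
    rule = f"proto {proto} dport ({ports}) ACCEPT;"
    if entry.get("saddr"):
        rule = f"saddr ({' '.join(entry['saddr'])}) {rule}"
    return rule


def render_rules(entries: Sequence[Dict]) -> List[str]:
    """Render every dport_accept entry; dport_limit entries are skipped."""
    return [render_dport_accept(e) for e in entries if e.get("type") == "dport_accept"]


def accepted_ports(entries: Sequence[Dict]) -> Dict[Port, bool]:
    """Map each (protocol, port) some dport_accept opens to whether it is open
    to any source (False means only the whitelisted saddr may connect)."""
    opened: Dict[Port, bool] = {}
    for e in entries:
        if e.get("type") != "dport_accept":
            continue
        proto = e.get("protocol", "tcp")
        unrestricted = not e.get("saddr")
        for p in e["dport"]:
            key = (proto, str(p))
            opened[key] = opened.get(key, False) or unrestricted
    return opened


def missing_rules(entries: Sequence[Dict], required: Iterable[Port]) -> List[Port]:
    """Return the required (protocol, port) pairs that no dport_accept entry opens.

    Run this before provisioning: an empty result means none of the app ports
    will fall through to the input chain's default policy and be refused.
    """
    opened = accepted_ports(entries)
    return [port for port in required if port not in opened]


if __name__ == "__main__":
    for line in render_rules(FERM_INPUT_LIST):
        print(line)
    print("missing with the extended list:", missing_rules(FERM_INPUT_LIST, APP_PORTS))
    # The first three entries approximate the default list, which is what refused the ports.
    print("missing with defaults only:", missing_rules(FERM_INPUT_LIST[:3], APP_PORTS))
```

With the extended list the coverage check returns nothing; with only the default entries it reports all eight (protocol, port) pairs, which is the situation the original poster hit. The saddr handling is there to show the distinction between a port open to everyone and one only reachable from the whitelist, which matters when deciding whether an app port really needs to be world-reachable.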