@lessless
Last active March 5, 2016 15:38
#!/usr/bin/env bash
# MASTER: rules applied on the primary PostgreSQL host.
set -eu
# Placeholders kept from the gist; substitute the real addresses.
DB_MASTER=xxx
DB_BACKUP=yyy
# server: accept new PostgreSQL (tcp/5432) connections only from the backup host,
# and let the replies flow back to its ephemeral ports
iptables -A INPUT -p tcp -s "$DB_BACKUP" --sport 1024:65535 -d "$DB_MASTER" --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s "$DB_MASTER" --sport 5432 -d "$DB_BACKUP" --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
# client: allow this host to open connections to any PostgreSQL server and receive replies
iptables -A OUTPUT -p tcp -s "$DB_MASTER" --sport 1024:65535 -d 0/0 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 5432 -d "$DB_MASTER" --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
# catch-all: any other source reaching tcp/5432 is tarpitted. -A appends, so this rule
# stays below the ACCEPT for the backup host; the TARPIT target needs xtables-addons.
iptables -A INPUT -p tcp -s 0/0 --sport 0:65535 -d "$DB_MASTER" --dport 5432 -j TARPIT
# SLAVE: rules applied on the backup (standby) PostgreSQL host.
#!/usr/bin/env bash
set -eu
# Placeholders kept from the gist; substitute the real addresses.
DB_MASTER=xxx
DB_BACKUP=yyy
# server: accept new PostgreSQL (tcp/5432) connections only from the master,
# and let the replies flow back to its ephemeral ports
iptables -A INPUT -p tcp -s "$DB_MASTER" --sport 1024:65535 -d "$DB_BACKUP" --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s "$DB_BACKUP" --sport 5432 -d "$DB_MASTER" --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
# client: allow this host to open connections to any PostgreSQL server and receive replies
iptables -A OUTPUT -p tcp -s "$DB_BACKUP" --sport 1024:65535 -d 0/0 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 5432 -d "$DB_BACKUP" --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
# catch-all: any other source reaching tcp/5432 is rejected. -A appends, so this rule
# stays below the ACCEPT for the master host.
iptables -A INPUT -p tcp -s 0/0 --sport 0:65535 -d "$DB_BACKUP" --dport 5432 -j REJECT
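Both scripts rely on rule order: the peer's ACCEPT on tcp/5432 must sit above the catch-all TARPIT/REJECT, which `-A` guarantees only as long as nobody later uses `-I` or reloads the chain differently. The audit below is an added example, not part of the gist, that checks an `iptables-save` dump for exactly that ordering. The function names `check_pg_rules` and `write_samples`, the addresses 10.0.0.1 and 10.0.0.2 and the two rulesets are constructed for the example.

```shell
#!/usr/bin/env bash
# Added example, not part of the original gist. It audits an iptables-save
# dump for the PostgreSQL rules the gist installs: the peer's ACCEPT on
# tcp/5432 must come before the catch-all TARPIT/REJECT/DROP on the same port,
# because iptables walks a chain top to bottom and the first match wins.
# The rulesets and addresses below are constructed samples.

# check_pg_rules RULES_FILE PEER_IP
# Returns 0 when PEER_IP's ACCEPT rule precedes the catch-all, 1 when no
# ACCEPT rule for PEER_IP exists, 2 when no catch-all exists, 3 when the
# catch-all is listed first (and would shadow the ACCEPT).
check_pg_rules() {
  local rules="$1" peer="$2" accept_at catchall_at
  # iptables-save writes the peer as "-s 10.0.0.2/32", so match either form.
  accept_at=$(awk -v p="$peer" '
    /^-A INPUT / && /-p tcp/ && /--dport 5432/ && /-j ACCEPT/ &&
    (index($0, "-s " p "/32 ") || index($0, "-s " p " ")) { print NR; exit }' "$rules")
  # A catch-all carries no -s at all (iptables-save omits 0.0.0.0/0) and
  # jumps to one of the deny targets.
  catchall_at=$(awk '
    /^-A INPUT / && /-p tcp/ && /--dport 5432/ && /-j (TARPIT|REJECT|DROP)/ &&
    !/-s / { print NR; exit }' "$rules")
  [ -n "$accept_at" ]   || { echo "no ACCEPT rule for $peer on tcp/5432"; return 1; }
  [ -n "$catchall_at" ] || { echo "no catch-all TARPIT/REJECT/DROP on tcp/5432"; return 2; }
  if [ "$accept_at" -lt "$catchall_at" ]; then
    echo "ok: ACCEPT for $peer (line $accept_at) precedes catch-all (line $catchall_at)"
    return 0
  fi
  echo "misordered: catch-all (line $catchall_at) shadows ACCEPT for $peer (line $accept_at)"
  return 3
}

# write_samples DIR: writes two constructed iptables-save dumps into DIR.
# good.rules is what the gist's -A sequence produces; bad.rules is the same
# pair of rules with the catch-all listed first (what a later -I would do).
write_samples() {
  local dir="$1"
  cat > "$dir/good.rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 10.0.0.2/32 -d 10.0.0.1/32 -p tcp -m tcp --sport 1024:65535 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -d 10.0.0.1/32 -p tcp -m tcp --dport 5432 -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
  cat > "$dir/bad.rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -d 10.0.0.1/32 -p tcp -m tcp --dport 5432 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 10.0.0.2/32 -d 10.0.0.1/32 -p tcp -m tcp --sport 1024:65535 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Stand-alone demo on the constructed samples. A real audit would run
# `iptables-save > /tmp/rules && check_pg_rules /tmp/rules "$DB_BACKUP"`.
tmpdir=$(mktemp -d)
write_samples "$tmpdir"
check_pg_rules "$tmpdir/good.rules" 10.0.0.2
check_pg_rules "$tmpdir/bad.rules" 10.0.0.2 || echo "bad.rules exit status: $?"
rm -rf "$tmpdir"
```

On the master host the catch-all target is TARPIT rather than REJECT; the check treats TARPIT, REJECT and DROP alike, since any of them placed above the peer's ACCEPT would cut replication off.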