From 3d2a0fd719f2cac521aafe0a9ab468ed46fa88ff Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Tue, 17 Dec 2024 11:58:37 +0000
Subject: [PATCH 1/1] Update ACLs to include equinix IP addresses
---
 cookbooks/tile/templates/default/apache.erb | 16 ++++++++++----
 roles/backup.rb | 24 ++++++++++++++------
 2 files changed, 28 insertions(+), 12 deletions(-)
diff --git a/cookbooks/tile/templates/default/apache.erb b/cookbooks/tile/templates/default/apache.erb
index 9652ec825..767baf3e3 100644
--- a/cookbooks/tile/templates/default/apache.erb
+++ b/cookbooks/tile/templates/default/apache.erb
@@ -75,14 +75,22 @@
 <% @admins.sort.each do |address| -%>
 Require ip <%= address %>
 <% end -%>
- # OSM Amsterdam IPv4
+ # OSM Amsterdam IPv4 (he.net)
 Require ip 184.104.179.128/27
- # OSM Amsterdam IPv6
+ # OSM Amsterdam IPv4 (equinix)
+ Require ip 82.199.86.96/27
+ # OSM Amsterdam IPv6 (he.net)
 Require ip 2001:470:1:fa1::/64
- # OSM Dublin IPv4
+ # OSM Amsterdam IPv6 (equinix)
+ # Require ip
+ # OSM Dublin IPv4 (he.net)
 Require ip 184.104.226.96/27
- # OSM Dublin IPv6
+ # OSM Dublin IPv4 (equinix)
+ Require ip 87.252.214.96/27
+ # OSM Dublin IPv6 (he.net)
 Require ip 2001:470:1:b3b::/64
+ # OSM Dublin IPv6 (equinix)
+ Require ip 2001:4d78:fe03:1c::/64
 # OSM UCL IPv4
 Require ip 193.60.236.0/24
diff --git a/roles/backup.rb b/roles/backup.rb
index 00c73fd82..f60e444c4 100644
--- a/roles/backup.rb
+++ b/roles/backup.rb
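Review bot: The Amsterdam equinix IPv6 entry in this hunk is only a commented-out `# Require ip` with no prefix, so a host on that network connecting over IPv6 matches none of the rules shown and is refused until the line is completed. That fails closed, which is the safe direction, but nothing marks the line as pending; a marker such as `# TODO: add the Amsterdam equinix IPv6 prefix once allocated` would keep it from being read as finished or uncommented without an address. The same gap appears as `# "/64",` in both hosts_allow lists in roles/backup.rb. The enclosing access-control block starts and ends outside the hunk.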
@@ -16,11 +16,15 @@ default_attributes(
 :hosts_allow => [
 "193.60.236.0/24", # ucl external
 "10.0.48.0/20", # amsterdam internal
- "184.104.179.128/27", # amsterdam external
- "2001:470:1:fa1::/64", # amsterdam external
+ "184.104.179.128/27", # amsterdam external (he.net)
+ "2001:470:1:fa1::/64", # amsterdam external (he.net)
+ "82.199.86.96/27", # amsterdam external (equinix)
+ # "/64", # amsterdam external (equinix)
 "10.0.64.0/20", # dublin internal
- "184.104.226.96/27", # dublin external
- "2001:470:1:b3b::/64", # dublin external
+ "184.104.226.96/27", # dublin external (he.net)
+ "2001:470:1:b3b::/64", # dublin external (he.net)
+ "87.252.214.96/27", # dublin external (equinix)
+ "2001:4d78:fe03:1c::/64", # dublin external (equinix)
 "10.0.32.0/20", # bytemark internal
 "89.16.162.16/28", # bytemark external
 "2001:41c9:2:d6::/64", # bytemark external
@@ -46,11 +50,15 @@ default_attributes(
 :hosts_allow => [
 "193.60.236.0/24", # ucl external
 "10.0.48.0/20", # amsterdam internal
- "184.104.179.128/27", # amsterdam external
- "2001:470:1:fa1::/64", # amsterdam external
+ "184.104.179.128/27", # amsterdam external (he.net)
+ "2001:470:1:fa1::/64", # amsterdam external (he.net)
+ "82.199.86.96/27", # amsterdam external (equinix)
+ # "/64", # amsterdam external (equinix)
 "10.0.64.0/20", # dublin internal
- "184.104.226.96/27", # dublin external
- "2001:470:1:b3b::/64", # dublin external
+ "184.104.226.96/27", # dublin external (he.net)
+ "2001:470:1:b3b::/64", # dublin external (he.net)
+ "87.252.214.96/27", # dublin external (equinix)
+ "2001:4d78:fe03:1c::/64", # dublin external (equinix)
 "10.0.32.0/20", # bytemark internal
 "89.16.162.16/28", # bytemark external
 "2001:41c9:2:d6::/64", # bytemark external
--
2.39.5
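Review bot: Both `:hosts_allow` lists in this file receive the same eight-line edit, and the template in cookbooks/tile carries the same prefixes a third time, so one copy can be updated or pruned while another is missed. Where the two lists are meant to stay identical (only part of each is visible here), defining the shared prefixes once above `default_attributes(` and referencing that in both places would make the next change a single edit. The he.net prefixes are also kept next to the equinix ones; if this is a provider migration, a follow-up that removes them once they are released keeps the allowlist from trusting address space the project no longer holds. `default_attributes(` opens before the first hunk and closes after the second.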