[EHPweb] DFC DMZ Firewall Updates
Christopher J Bidwell
cbidwell at usgs.gov
Thu Nov 20 17:45:23 GMT 2008
All, for those who are involved with DFC DMZ servers, please review the
list below and let me know if any of these rules can be removed.
Please verify whether the permits are still needed AND that the source IP
addresses are still valid and have appropriate ISA/MOUs on file.
Ciimwebden ICMP, 2222, 22 Allowed by PSS except for maybe icmp
Untrust Public DMZ 968162 permit icmp host 128.110.129.53/32
host 137.227.224.66/32 eq ANY
Untrust Public DMZ 968162 permit icmp host 128.110.129.54/32
host 137.227.224.66/32 eq ANY
Untrust Public DMZ 968162 permit icmp host 128.32.149.90/32 host
137.227.224.66/32 eq ANY
Untrust Public DMZ 968162 permit icmp host 128.95.16.8/32 host
137.227.224.66/32 eq ANY
Untrust Public DMZ 968162 permit icmp host 131.215.66.180/32
host 137.227.224.66/32 eq ANY
Untrust Public DMZ 968162 permit icmp host 131.215.66.39/32 host
137.227.224.66/32 eq ANY
Untrust Public DMZ 968162 permit icmp host 131.215.66.41/32 host
137.227.224.66/32 eq ANY
Untrust Public DMZ 968162 permit icmp host 131.215.68.34/32 host
137.227.224.66/32 eq ANY
Untrust Public DMZ 968162 permit icmp host 131.215.68.6/32 host
137.227.224.66/32 eq ANY
Untrust Public DMZ 968162 permit icmp host 131.215.68.7/32 host
137.227.224.66/32 eq ANY
Untrust Public DMZ 968162 permit icmp host 205.238.72.15/32 host
137.227.224.66/32 eq ANY
Untrust Public DMZ 968162 permit icmp host 38.116.153.71/32 host
137.227.224.66/32 eq ANY
Untrust Public DMZ 968162 permit icmp host 63.193.152.100/32
host 137.227.224.66/32 eq ANY
Untrust Public DMZ 968163 permit udp host 128.95.166.129/32
host 137.227.224.66/32 eq 2222
Untrust Public DMZ 968163 permit tcp host 128.95.166.129/32
host 137.227.224.66/32 eq 2222
Untrust Public DMZ 968164 permit tcp host 128.110.129.53/32
host 137.227.224.66/32 eq 22
Untrust Public DMZ 968164 permit tcp host 128.110.129.54/32
host 137.227.224.66/32 eq 22
Untrust Public DMZ 968164 permit tcp host 128.32.149.90/32 host
137.227.224.66/32 eq 22
Untrust Public DMZ 968164 permit tcp host 128.95.16.8/32 host
137.227.224.66/32 eq 22
Untrust Public DMZ 968164 permit tcp host 131.215.66.180/32
host 137.227.224.66/32 eq 22
Untrust Public DMZ 968164 permit tcp host 131.215.66.39/32 host
137.227.224.66/32 eq 22
Untrust Public DMZ 968164 permit tcp host 131.215.66.41/32 host
137.227.224.66/32 eq 22
Untrust Public DMZ 968164 permit tcp host 131.215.68.34/32 host
137.227.224.66/32 eq 22
Untrust Public DMZ 968164 permit tcp host 131.215.68.6/32 host
137.227.224.66/32 eq 22
Untrust Public DMZ 968164 permit tcp host 131.215.68.7/32 host
137.227.224.66/32 eq 22
Untrust Public DMZ 968164 permit tcp host 205.238.72.15/32 host
137.227.224.66/32 eq 22
Untrust Public DMZ 968164 permit tcp host 38.116.153.71/32 host
137.227.224.66/32 eq 22
Untrust Public DMZ 968164 permit tcp host 63.193.152.100/32
host 137.227.224.66/32 eq 22
Untrust Public DMZ 968179 permit tcp host 131.215.68.108/32
host 137.227.224.66/32 eq 22
----------------------
EHZden 22, 2222
Untrust Public DMZ 968035 permit tcp host 128.110.129.53/32
host 137.227.224.73/32 eq 22
Untrust Public DMZ 968035 permit tcp host 128.110.129.54/32
host 137.227.224.73/32 eq 22
Untrust Public DMZ 968035 permit tcp host 128.32.149.90/32 host
137.227.224.73/32 eq 22
Untrust Public DMZ 968035 permit tcp host 128.95.16.8/32 host
137.227.224.73/32 eq 22
Untrust Public DMZ 968035 permit tcp host 131.215.66.180/32
host 137.227.224.73/32 eq 22
Untrust Public DMZ 968035 permit tcp host 131.215.66.39/32 host
137.227.224.73/32 eq 22
Untrust Public DMZ 968035 permit tcp host 131.215.66.41/32 host
137.227.224.73/32 eq 22
Untrust Public DMZ 968035 permit tcp host 131.215.68.34/32 host
137.227.224.73/32 eq 22
Untrust Public DMZ 968035 permit tcp host 131.215.68.6/32 host
137.227.224.73/32 eq 22
Untrust Public DMZ 968035 permit tcp host 131.215.68.7/32 host
137.227.224.73/32 eq 22
Untrust Public DMZ 968035 permit tcp host 205.238.72.15/32 host
137.227.224.73/32 eq 22
Untrust Public DMZ 968035 permit tcp host 38.116.153.71/32 host
137.227.224.73/32 eq 22
Untrust Public DMZ 968035 permit tcp host 63.193.152.100/32
host 137.227.224.73/32 eq 22
Untrust Public DMZ 968143 permit tcp host 169.229.197.46/32
host 137.227.224.73/32 eq 22
Untrust Public DMZ 968143 permit tcp host 207.225.110.151/32
host 137.227.224.73/32 eq 22
Untrust Public DMZ 968036 permit tcp host 128.95.166.129/32
host 137.227.224.73/32 eq 2222
Untrust Public DMZ 968036 permit udp host 128.95.166.129/32
host 137.227.224.73/32 eq 2222
Untrust Public DMZ 968037 permit icmp host 128.110.129.53/32
host 137.227.224.73/32 eq ANY
Untrust Public DMZ 968037 permit icmp host 128.110.129.54/32
host 137.227.224.73/32 eq ANY
Untrust Public DMZ 968037 permit icmp host 128.32.149.90/32 host
137.227.224.73/32 eq ANY
Untrust Public DMZ 968037 permit icmp host 128.95.16.8/32 host
137.227.224.73/32 eq ANY
Untrust Public DMZ 968037 permit icmp host 131.215.66.180/32
host 137.227.224.73/32 eq ANY
Untrust Public DMZ 968037 permit icmp host 131.215.66.39/32 host
137.227.224.73/32 eq ANY
Untrust Public DMZ 968037 permit icmp host 131.215.66.41/32 host
137.227.224.73/32 eq ANY
Untrust Public DMZ 968037 permit icmp host 131.215.68.34/32 host
137.227.224.73/32 eq ANY
Untrust Public DMZ 968037 permit icmp host 131.215.68.6/32 host
137.227.224.73/32 eq ANY
Untrust Public DMZ 968037 permit icmp host 131.215.68.7/32 host
137.227.224.73/32 eq ANY
Untrust Public DMZ 968037 permit icmp host 205.238.72.15/32 host
137.227.224.73/32 eq ANY
Untrust Public DMZ 968037 permit icmp host 38.116.153.71/32 host
137.227.224.73/32 eq ANY
Mesa ports 2222, IP and ICMP
Untrust Public DMZ 968041 permit udp host 128.95.166.129/32
host 137.227.224.75/32 eq 2222
Untrust Public DMZ 968041 permit tcp host 128.95.166.129/32
host 137.227.224.75/32 eq 2222
Untrust Public DMZ 968042 permit icmp host 128.110.129.53/32
host 137.227.224.75/32 eq ANY
Untrust Public DMZ 968042 permit icmp host 128.110.129.54/32
host 137.227.224.75/32 eq ANY
Untrust Public DMZ 968042 permit icmp host 128.32.149.90/32 host
137.227.224.75/32 eq ANY
Untrust Public DMZ 968042 permit icmp host 128.95.16.8/32 host
137.227.224.75/32 eq ANY
Untrust Public DMZ 968042 permit icmp host 131.215.66.180/32
host 137.227.224.75/32 eq ANY
Untrust Public DMZ 968042 permit icmp host 131.215.66.39/32 host
137.227.224.75/32 eq ANY
Untrust Public DMZ 968042 permit icmp host 131.215.66.41/32 host
137.227.224.75/32 eq ANY
Untrust Public DMZ 968042 permit icmp host 131.215.68.34/32 host
137.227.224.75/32 eq ANY
Untrust Public DMZ 968042 permit icmp host 131.215.68.6/32 host
137.227.224.75/32 eq ANY
Untrust Public DMZ 968042 permit icmp host 131.215.68.7/32 host
137.227.224.75/32 eq ANY
Untrust Public DMZ 968042 permit icmp host 205.238.72.15/32 host
137.227.224.75/32 eq ANY
Untrust Public DMZ 968042 permit icmp host 38.116.153.71/32 host
137.227.224.75/32 eq ANY
Untrust Public DMZ 968042 permit icmp host 63.193.152.100/32
host 137.227.224.75/32 eq ANY
Untrust Public DMZ 968147 permit ip host 131.215.68.52/32 host
137.227.224.75/32 eq ANY
Untrust Public DMZ 968040 permit tcp host 128.110.129.53/32
host 137.227.224.75/32 eq 22
Untrust Public DMZ 968040 permit tcp host 128.110.129.54/32
host 137.227.224.75/32 eq 22
Untrust Public DMZ 968040 permit tcp host 128.32.149.90/32 host
137.227.224.75/32 eq 22
Untrust Public DMZ 968040 permit tcp host 128.95.16.8/32 host
137.227.224.75/32 eq 22
Untrust Public DMZ 968040 permit tcp host 131.215.66.180/32
host 137.227.224.75/32 eq 22
Untrust Public DMZ 968040 permit tcp host 131.215.66.39/32 host
137.227.224.75/32 eq 22
Untrust Public DMZ 968040 permit tcp host 131.215.66.41/32 host
137.227.224.75/32 eq 22
Untrust Public DMZ 968040 permit tcp host 131.215.66.39/32 host
137.227.224.75/32 eq 22
Untrust Public DMZ 968040 permit tcp host 131.215.66.41/32 host
137.227.224.75/32 eq 22
Untrust Public DMZ 968040 permit tcp host 131.215.68.34/32 host
137.227.224.75/32 eq 22
Untrust Public DMZ 968040 permit tcp host 131.215.68.6/32 host
137.227.224.75/32 eq 22
Untrust Public DMZ 968040 permit tcp host 131.215.68.7/32 host
137.227.224.75/32 eq 22
Untrust Public DMZ 968040 permit tcp host 205.238.72.15/32 host
137.227.224.75/32 eq 22
Untrust Public DMZ 968040 permit tcp host 38.116.153.71/32 host
137.227.224.75/32 eq 22
Untrust Public DMZ 968040 permit tcp host 63.193.152.100/32
host 137.227.224.75/32 eq 22
Untrust Public DMZ 968143 permit tcp host 169.229.197.46/32
host 137.227.224.75/32 eq 22
Untrust Public DMZ 968143 permit tcp host 207.225.110.151/32
host 137.227.224.75/32 eq 22
Untrust Public DMZ 968144 permit tcp host 134.197.33.3/32 host
137.227.224.75/32 eq 22
Untrust Public DMZ 968144 permit tcp host 134.197.33.80/32 host
137.227.224.75/32 eq 22
Untrust Public DMZ 968213 permit tcp host 131.215.68.89/32 host
137.227.224.75/32 eq 22
Untrust Public DMZ 968381 permit tcp host 128.95.16.12/32 host
137.227.224.75/32 eq 22
Untrust Public DMZ 968395 permit tcp host 137.239.37.186/32
host 137.227.224.75/32 eq 22
eids1.cr.usgs.gov 2222,2223, 29977, 29988, 39977, 39988
Untrust Public DMZ 968310 permit tcp host 128.95.166.129/32
host 137.227.224.89/32 eq 2222
Untrust Public DMZ 968310 permit tcp host 131.215.68.148/32
host 137.227.224.89/32 eq 2222
Untrust Public DMZ 968417 permit tcp host 131.215.68.148/32
host 137.227.224.89/32 eq 2223
Untrust Public DMZ 968417 permit tcp host 131.215.68.148/32
host 137.227.224.89/32 eq 29977
Untrust Public DMZ 968417 permit tcp host 131.215.68.148/32
host 137.227.224.89/32 eq 29988
Untrust Public DMZ 968309 permit tcp host 128.95.166.129/32
host 137.227.224.89/32 eq 39977
Untrust Public DMZ 968309 permit tcp host 131.215.68.148/32
host 137.227.224.89/32 eq 39977
Untrust Public DMZ 968309 permit tcp host 128.95.166.129/32
host 137.227.224.89/32 eq 39988
Untrust Public DMZ 968309 permit tcp host 131.215.68.148/32
host 137.227.224.89/32 eq 39988
Untrust Public DMZ 968308 permit tcp 131.215.61.0/24 host
137.227.224.89/32 eq 22
Untrust Public DMZ 968308 permit tcp 131.215.66.0/24 host
137.227.224.89/32 eq 22
Untrust Public DMZ 968308 permit tcp 131.215.68.0/24 host
137.227.224.89/32 eq 22
Untrust Public DMZ 968310 permit udp host 128.95.166.129/32
host 137.227.224.89/32 eq 2222
Untrust Public DMZ 968310 permit udp host 131.215.68.148/32
host 137.227.224.89/32 eq 2222
----------------
Thanks,
Chris Bidwell, RHCT
Web Administrator
Geologic Hazards Team
US Geological Survey
email: cbidwell at usgs.gov
work: 303-273-8642
mobile: 303-435-6362
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://geohazards.usgs.gov/pipermail/ehpweb/attachments/20081120/f0f38e08/attachment-0001.html
More information about the EHPweb
mailing list