Adding the IP addresses of Arvan Cloud to the whitelist of iptables - ArvanCloud


27 Oct 2019

An important step toward preventing disruption and delay in the connection between the Arvan edge servers and the main host server is to whitelist the IP addresses of Arvan Cloud in the firewall settings of the host server. This means the firewall must be configured to recognize a list of authorized IP addresses that might try to connect to the platform. This document presents two methods for adding the Arvan IP addresses to iptables.

Method 1: a separate entry for each IP range

In this method, the following line must be repeated for each IP range listed on the IP addresses page of Arvan Cloud. The $ip in the line must be replaced by an IP address from Arvan Cloud.

iptables -I INPUT -p tcp -m multiport --dports http,https -s "$ip" -j ACCEPT 

Method 2: using ipset

Another method is to use ipset instead of entering every single IP address manually. If this tool is not installed on your host server, you can install it using the following command.

Ubuntu

sudo apt-get install ipset

CentOS

yum install ipset

Now you can use ipset to specify a list of authorized IP addresses (in this case, the IP addresses of Arvan Cloud). In the following commands you can replace ‘example’ with a name that you prefer.

ipset create example hash:net
for x in $(curl -fsS https://www.arvancloud.com/fa/ips.txt); do ipset add example "$x"; done

Please note that after executing the above commands, the list of IP addresses is saved in memory only. By default it is erased after a system reboot, so you need to save these commands and re-run them after a reboot.

Now that the list of authorized IP addresses has been created using ipset, we can use this list (which we named example in the above command) in the iptables command:

iptables -A INPUT -m set --match-set example src -p tcp -m multiport --dports http,https -j ACCEPT 
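
The ipset steps above, as an added example that is not part of the original post or ArvanCloud's own code: a POSIX shell function that validates the downloaded list and emits an `ipset restore` script which fills a temporary set and swaps it into place, so a failed or malformed download leaves the current set untouched. The function names and the `-new` suffix are assumptions, and only IPv4 entries are accepted, matching the default family of the hash:net set created above.

```shell
#!/bin/sh
# Added example (not ArvanCloud's code). Function names are hypothetical.

# is_ipv4_net ADDR[/PREFIX]: succeed only for a well-formed IPv4 address or CIDR.
is_ipv4_net() {
    case "$1" in ''|*[!0-9./]*|*/*/*) return 1 ;; esac  # digits, dots, one slash
    addr=${1%%/*}
    case "$1" in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case "$prefix" in ''|*.*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case "$addr" in .*|*.|*..*|*.*.*.*.*) return 1 ;; esac
    case "$addr" in *.*.*.*) ;; *) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr                      # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# build_restore SET: read the list on stdin and print an `ipset restore` script
# that fills SET-new and swaps it into SET. Nothing is printed unless every
# entry is valid, so a bad download cannot produce a partial update.
build_restore() {
    set_name=$1; count=0; body=
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '\r \t')   # drop CR and blanks
        [ -n "$line" ] || continue
        if ! is_ipv4_net "$line"; then
            printf 'rejected entry: %s\n' "$line" >&2
            return 1
        fi
        body="${body}add ${set_name}-new ${line}
"
        count=$((count + 1))
    done
    [ "$count" -gt 0 ] || { echo 'empty list, nothing generated' >&2; return 1; }
    printf 'create %s hash:net\n' "$set_name"
    printf 'create %s-new hash:net\n' "$set_name"
    printf 'flush %s-new\n' "$set_name"
    printf '%s' "$body"
    printf 'swap %s-new %s\n' "$set_name" "$set_name"
    printf 'destroy %s-new\n' "$set_name"
}

# Usage (as root): curl -fsS https://www.arvancloud.com/fa/ips.txt \
#     | build_restore example | ipset -exist restore
```

At boot, run this before the saved iptables rules are loaded, because a rule that references a set that does not exist yet cannot be restored.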

In both methods, the last step is to save the modified iptables rules. You can do it using the following commands:

Debian

iptables-save > /etc/iptables/rules.v4

CentOS

iptables-save > /etc/sysconfig/iptables
