From: Joe Presbrey Date: Mon, 22 Oct 2007 22:42:14 +0000 (+0000) Subject: changed backend firewall rules X-Git-Url: http://andersk.mit.edu/gitweb/sql.git/commitdiff_plain/794cf93aa840b309ebce0adbd284f55e10945491 changed backend firewall rules git-svn-id: svn://presbrey.mit.edu/sql@149 a142d4bd-2cfb-0310-9673-cb33a7e74f58
---
diff --git a/etc/lighttpd/lighttpd.conf b/etc/lighttpd/lighttpd.conf
index 4c5523e..84d5db8 100644
--- a/etc/lighttpd/lighttpd.conf
+++ b/etc/lighttpd/lighttpd.conf
@@ -1,4 +1,4 @@
-server.modules = ( "mod_rewrite", "mod_alias", "mod_access", "mod_fastcgi", "mod_accesslog" )
+server.modules = ( "mod_rewrite", "mod_alias", "mod_access", "mod_fastcgi", "mod_redirect", "mod_accesslog" )
 server.errorlog = "/var/log/lighttpd/error_log"
 accesslog.filename = "/var/log/lighttpd/access_log"
 etag.use-inode = "disable"
@@ -39,6 +39,7 @@ url.rewrite-once += ( "^/~sql/main/do/([^\?]+)(\??.*)" => "/~sql/main/$1.php$2"
 url.rewrite-once += ( "^/~sql/dev/do/([^\?]+)(\??.*)" => "/~sql/dev/$1.php$2" )
 url.rewrite-once += ( "^/main/do/([^\?]+)(\??.*)" => "/main/$1.php$2" )
 url.rewrite-once += ( "^/dev/do/([^\?]+)(\??.*)" => "/dev/$1.php$2" )
+url.redirect = ( "^/phpMyAdmin(.*)" => "http://scripts.mit.edu/~sql/phpMyAdmin$1" )
 ssl.verifyclient.username = "SSL_CLIENT_S_DN_emailAddress"
 $SERVER["socket"] == "0.0.0.0:443" {
 ssl.engine = "enable"
diff --git a/etc/sysconfig/iptables b/etc/sysconfig/iptables
index 8d3ecfe..08d1b9b 100644
--- a/etc/sysconfig/iptables
+++ b/etc/sysconfig/iptables
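Review bot: The added `url.redirect` line in the second lighttpd.conf hunk sends every `/phpMyAdmin…` request to a plain `http://` URL, so a client that arrived on the 443 socket shown in the context lines is moved to cleartext before it reaches a database admin login. If scripts.mit.edu serves that path over TLS (not visible in this diff), the target should be `"https://scripts.mit.edu/~sql/phpMyAdmin$1"`. The pattern `^/phpMyAdmin(.*)` also matches any path that merely begins with that string; `^/phpMyAdmin(/.*)?$` would limit it to the directory itself. The target host is fixed, so the captured suffix cannot point the redirect at another site.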
@@ -15,8 +15,11 @@
 -A Firewall -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
 -A Firewall -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
 -A Firewall -m state --state NEW -m tcp -p tcp --dport 3306 -d 18.181.0.52 -j ACCEPT
--A Firewall -m state --state NEW -m tcp -p tcp --dport 3306 -d 192.168.181.47 -j ACCEPT
--A Firewall -m state --state NEW -m tcp -p tcp --dport 3306 -d 192.168.181.56 -j ACCEPT
+-A Firewall -m state --state NEW -m tcp -p tcp --dport 3306 -s 18.181.0.47 -j ACCEPT
+-A Firewall -m state --state NEW -m tcp -p tcp --dport 3306 -s 18.181.0.56 -j ACCEPT
+-A Firewall -m state --state NEW -m tcp -p tcp --dport 3306 -d 172.21.0.52 -j ACCEPT
+-A Firewall -m state --state NEW -m tcp -p tcp --dport 3306 -s 172.21.0.47 -j ACCEPT
+-A Firewall -m state --state NEW -m tcp -p tcp --dport 3306 -s 172.21.0.56 -j ACCEPT
 -A Firewall -m state --state NEW -m tcp -p tcp --dport 4949 -s 18.187.1.128 -j ACCEPT
 -A Firewall -m state --state NEW -m tcp -p tcp --dport 5666 -s 18.187.1.128 -j ACCEPT
 -A Firewall -j REJECT --reject-with icmp-host-prohibited
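Review bot: The added `-d 172.21.0.52` rule matches on destination alone, so new TCP 3306 connections to that address are accepted from any source, and the `-s 172.21.0.47` and `-s 172.21.0.56` rules added beside it restrict nothing for that traffic; on their own they accept those two sources on whichever local address they reach. If the intent is that only the two backend peers may reach MySQL on the backend address (an inference from the commit title, not stated in the diff), put both matches in one rule, e.g. `-A Firewall -m state --state NEW -m tcp -p tcp --dport 3306 -s 172.21.0.47 -d 172.21.0.52 -j ACCEPT`, and the same for `.56`. The same overlap exists between the new `-s 18.181.0.47` / `-s 18.181.0.56` rules and the unchanged `-d 18.181.0.52` rule above them. A `#` comment line naming the roles of .47, .52 and .56 would let a later reader audit which exposure is deliberate.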