Steps to reload the "outboundFwRules.json" file:
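- Create an AWS bucket and upload the "outboundFwRules.json" file to it. See the example below. This file defines the CSC's outbound firewall policy, so limit write access to the bucket to the administrators who maintain the rules.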
- Download the file to the CSC. Use Run Command with the "AWS-RunShellScript" document on the CSC to execute this command:
wget <Your bucket file URL> -O /usr/local/etc/mhb-csc/outboundFwRules.json
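- Run the document "MHB-CSC-PriCPA-Reload-Outbound-Firewall-json" to apply the changes. Because "wget -O" overwrites the target file even when the download fails, confirm that the file on the CSC is complete, valid JSON before running the reload.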
Example:
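Rules in this example: the testing sites ipinfo.io and ip.maidenheadbridge.com, and the Office 365 worldwide endpoints. The destination IP ranges are a snapshot as of the date in "outboundFwRulesFileDate"; check them against the currently published endpoints before use.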
{ "outboundFwRulesCustomerValuesComment": "Please, fill in the values of 'outboundFwRulesFileName', 'outboundFwRulesFileVersion' and 'outboundFwRulesFileDate'.", "outboundFwRulesFileName": "outboundFwRules-office365.json", "outboundFwRulesFileVersion": "1.1.1", "outboundFwRulesFileDate": "09/10/2024", "outboundFwRules": [ { "ruleGroupName": "Testing Sites", "description": "Rule Group for testing sites.", "fwRules": [ { "ruleName": "ipinfo.io", "description": "Allow Web to ipinfo.io", "ipProtocol": "tcp", "sourceCirdIp": [ "0.0.0.0/0" ], "destinationCirdIp": [ "34.117.59.81/32" ], "destinationSinglePorts": [ "443", "80" ], "destinationPortRange": { "fromPort": "", "toPort": "" } }, { "ruleName": "ipinfo.io", "description": "Allow icmp to ipinfo.io", "ipProtocol": "icmp", "sourceCirdIp": [ "0.0.0.0/0" ], "destinationCirdIp": [ "34.117.59.81/32" ], "destinationSinglePorts": [], "destinationPortRange": { "fromPort": "", "toPort": "" } }, { "ruleName": "ip.maidenheadbridge.com", "description": "Allow HTTPS to ip.maidenheadbridge.com", "ipProtocol": "tcp", "sourceCirdIp": [ "0.0.0.0/0" ], "destinationCirdIp": [ "216.239.34.21/32", "216.239.36.21/32", "216.239.38.21/32", "216.239.32.21/32" ], "destinationSinglePorts": [ "443" ], "destinationPortRange": { "fromPort": "", "toPort": "" } }, { "ruleName": "ip.maidenheadbridge.com", "description": "Allow PING to ip.maidenheadbridge.com", "ipProtocol": "icmp", "sourceCirdIp": [ "0.0.0.0/0" ], "destinationCirdIp": [ "216.239.34.21/32", "216.239.36.21/32", "216.239.38.21/32", "216.239.32.21/32" ], "destinationSinglePorts": [ "" ], "destinationPortRange": { "fromPort": "", "toPort": "" } } ] }, { "ruleGroupName": "O365 Endpoints", "description": "This Rule Group for O365 Endpoints worldwide.", "fwRules": [ { "ruleName": "Exchange - id 1 - tcp", "description": "Exchange Online - tcp", "ipProtocol": "tcp", "sourceCirdIp": [ "0.0.0.0/0" ], "destinationCirdIp": [ "13.107.6.152/31", "13.107.18.10/31", "13.107.128.0/22", 
"23.103.160.0/20", "40.96.0.0/13", "40.104.0.0/15", "52.96.0.0/14", "131.253.33.215/32", "132.245.0.0/16", "150.171.32.0/22", "204.79.197.215/32" ], "destinationSinglePorts": [ "80", "443" ], "destinationPortRange": { "fromPort": "", "toPort": "" } }, { "ruleName": "Exchange - id 1 - udp", "description": "Exchange Online - udp", "ipProtocol": "udp", "sourceCirdIp": [ "0.0.0.0/0" ], "destinationCirdIp": [ "13.107.6.152/31", "13.107.18.10/31", "13.107.128.0/22", "23.103.160.0/20", "40.96.0.0/13", "40.104.0.0/15", "52.96.0.0/14", "131.253.33.215/32", "132.245.0.0/16", "150.171.32.0/22", "204.79.197.215/32" ], "destinationSinglePorts": [ "443" ], "destinationPortRange": { "fromPort": "", "toPort": "" } }, { "ruleName": "Exchange - id 2", "description": "Exchange Online - POP3, IMAP4, SMTP Client traffic", "ipProtocol": "tcp", "sourceCirdIp": [ "0.0.0.0/0" ], "destinationCirdIp": [ "13.107.6.152/31", "13.107.18.10/31", "13.107.128.0/22", "23.103.160.0/20", "40.96.0.0/13", "40.104.0.0/15", "52.96.0.0/14", "131.253.33.215/32", "132.245.0.0/16", "150.171.32.0/22", "204.79.197.215/32" ], "destinationSinglePorts": [ "143", "587", "993", "995" ], "destinationPortRange": { "fromPort": "", "toPort": "" } }, { "ruleName": "Exchange - id 9", "description": "Exchange Online", "ipProtocol": "tcp", "sourceCirdIp": [ "0.0.0.0/0" ], "destinationCirdIp": [ "40.92.0.0/15", "40.107.0.0/16", "52.100.0.0/14", "52.238.78.88/32", "104.47.0.0/17" ], "destinationSinglePorts": [ "443" ], "destinationPortRange": { "fromPort": "", "toPort": "" } }, { "ruleName": "Exchange - id 10", "description": "Exchange Online", "ipProtocol": "tcp", "sourceCirdIp": [ "0.0.0.0/0" ], "destinationCirdIp": [ "40.92.0.0/15", "40.107.0.0/16", "52.100.0.0/14", "104.47.0.0/17" ], "destinationSinglePorts": [ "25" ], "destinationPortRange": { "fromPort": "", "toPort": "" } }, { "ruleName": "Skype - id 11", "description": "Microsoft Teams", "ipProtocol": "udp", "sourceCirdIp": [ "0.0.0.0/0" ], "destinationCirdIp": [ 
"52.112.0.0/14", "52.122.0.0/15" ], "destinationSinglePorts": [], "destinationPortRange": { "fromPort": "3478", "toPort": "3481" } }, { "ruleName": "Skype - id 12", "description": "Microsoft Teams", "ipProtocol": "tcp", "sourceCirdIp": [ "0.0.0.0/0" ], "destinationCirdIp": [ "52.112.0.0/14", "52.122.0.0/15", "52.238.119.141/32", "52.244.160.207/32" ], "destinationSinglePorts": [ "80", "443" ], "destinationPortRange": { "fromPort": "", "toPort": "" } }, { "ruleName": "SharePoint - id 31", "description": "SharePoint Online and OneDrive for Business", "ipProtocol": "tcp", "sourceCirdIp": [ "0.0.0.0/0" ], "destinationCirdIp": [ "13.107.136.0/22", "40.108.128.0/17", "52.104.0.0/14", "104.146.128.0/17", "150.171.40.0/22" ], "destinationSinglePorts": [ "80", "443" ], "destinationPortRange": { "fromPort": "", "toPort": "" } }, { "ruleName": "Common - id 46", "description": "Microsoft 365 Common and Office Online", "ipProtocol": "tcp", "sourceCirdIp": [ "0.0.0.0/0" ], "destinationCirdIp": [ "13.107.6.171/32", "13.107.18.15/32", "13.107.140.6/32", "52.108.0.0/14", "52.244.37.168/32" ], "destinationSinglePorts": [ "80", "443" ], "destinationPortRange": { "fromPort": "", "toPort": "" } }, { "ruleName": "Common - id 56", "description": "Microsoft 365 Common and Office Online", "ipProtocol": "tcp", "sourceCirdIp": [ "0.0.0.0/0" ], "destinationCirdIp": [ "20.20.32.0/19", "20.190.128.0/18", "20.231.128.0/19", "40.126.0.0/18" ], "destinationSinglePorts": [ "80", "443" ], "destinationPortRange": { "fromPort": "", "toPort": "" } }, { "ruleName": "Common - id 64", "description": "Microsoft 365 Common and Office Online", "ipProtocol": "tcp", "sourceCirdIp": [ "0.0.0.0/0" ], "destinationCirdIp": [ "13.107.6.192/32", "13.107.9.192/32" ], "destinationSinglePorts": [ "443" ], "destinationPortRange": { "fromPort": "", "toPort": "" } } ] } ] } |