diff --git a/ic-os/components/networking/nftables/hostos/nftables.template b/ic-os/components/networking/nftables/hostos/nftables.template
index 224543273234..02598f3ee025 100644
--- a/ic-os/components/networking/nftables/hostos/nftables.template
+++ b/ic-os/components/networking/nftables/hostos/nftables.template
@@ -87,65 +87,16 @@ table ip6 filter { type ipv6_addr flags interval elements = { - 2604:1380:4601:6200::/56, # AM6 Equinix boundary - 2001:920:401a:1708::/64, # AN1 - 2607:f758:1220::/64, # AT1 - 2604:3fc0:2001::/48, # AT2 - 2604:7e00:30:3::/64, # AW1 - 2001:438:fffd:11c::/64, # BC1 - 2600:c0d:3002:4::/64, # BO1 - 2001:920:401a:1710::/64, # BR1 - 2001:920:401a:1706::/64, # BR2 - 2a04:9dc0:0:108::/64, # BU1 - 2602:fb2b:120::/48, # CH1 InfraDC prefix - 2604:7e00:50::/64, # CH2 - 2607:ff70:3:2::/64, # CH3 - 2604:1380:4641:6100::/56, # DA11 Equinix boundary - 2600:3000:6100:200::/64, # DL1 - 2604:6800:258:1::/64, # DM1 InfraDC annex - 2602:fb2b:100::/48, # DM1 - 2600:3000:1300:1300::/64, # DN1 - 2001:470:1:c76::/64, # FM1 - 2602:fb2b:110::/48, # FR1 InfraDC prefix - 2001:4d78:400:10a::/64, # FR2 - 2604:1380:4091:3000::/56, # FR2 Equinix boundary - 2a0f:cd00:2::/56, # GE1 - 2a00:fa0:3::/48, # GE2 - 2604:b900:4001:76::/64, # HU1 - 2600:2c01:21::/64, # JV1 - 2a02:800:2:2003::/64, # LJ1 - 2a0b:21c0:4003:2::/64, # LN1 - 2a0b:21c0:4006:100::/56, # LN1-add - 2600:3006:1400:1500::/64, # LV1 - 2a00:fc0:5000:300::/64, # MB1 - 2001:1900:2100:2827::/64, # MM1 - 2a0b:21c0:b002:2::/64, # MR1 - 2a01:138:900a::/48, # MU1 - 2607:f1d0:10:1::/64, # NY1 - 2604:3fc0:3002::/48, # OR1 - 2610:190:6000:1::/64, # PH1 - 2600:3004:1200:1200::/56, # PL1 - 2600:c00:2:100::/64, # SE1 InfraDC annex - 2401:3f00:1000:24::/64, # SG1 - 2604:1380:40e1:4700::/56, # SG1 Equinix boundary - 2401:3f00:1000:22::/64, # SG2 - 2401:3f00:1000:23::/64, # SG3 - 2001:4c08:2003:b09::/64, # SH1 - 2600:c02:b002:15::/64, # SJ1 - 2610:190:df01:5::/64, # ST1 - 2604:1380:45e1:a600::/56, # SV15 Equinix boundary - 2607:f758:c300::/64, # TP1 - 2602:ffe4:801:16::/64, # TY1 - 2602:ffe4:801:17::/64, # TY2 - 2602:ffe4:801:18::/64, # TY3 - 2a00:fb01:400::/55, # ZH1 - 2a00:fb01:400:100::/64, # ZH2 - 2a02:418:3002::/48, # ZH3 - 2a02:41b:300e::/48, # ZH4 - 2a01:2a8:a13d::/48, # ZH5 - 2a01:2a8:a13c::/48, # ZH6 - 2a01:2a8:a13e::/48, # 
ZH7 - fd00:2:1:1::/64 # Private prefix used by [Ref A] + 2602:fb2b:120::/48, # ch1 + 2602:fb2b:100::/48, # dm1 + 2602:fb2b:110::/48, # fr1 + 2600:c00:2:100::/64, # se1 + 2001:4c08:2003:b09::/64, # sh1 + 2600:3007:4401::/48, # tp1 + 2a00:fb01:400::/56, # zh1 + 2a00:fb01:400:200::/64, # zh2 + 2a05:d01c:e2c:a700::/56, # AWS_eu-west-2_monitoring + 2a05:d01c:d9:2b00::/56, # AWS_eu-west-2_monitoring2 } # comment "DFINITY operated DC's" # [Ref A] @@ -159,11 +110,9 @@ table ip6 filter { type ipv6_addr flags interval elements = { - 2607:f6f0:3004::/48, # CH1-old - 2602:fb2b:120::/48, # CH1 InfraDC prefix - 2001:4d78:40d::/48, # FR1-old - 2602:fb2b:110::/48, # FR1 InfraDC prefix - 2602:fb2b:100::/48 # DM1 + 2602:fb2b:100:12::/64, # dm1-obs + 2602:fb2b:120:12::/64, # ch1-obs + 2602:fb2b:110:12::/64, # fr1-obs } # comment "Telemetry infrastructure" } diff --git a/rs/ic_os/config/tool/templates/ic.json5.template b/rs/ic_os/config/tool/templates/ic.json5.template index fa13c3c18076..4a114ae179cb 100644 --- a/rs/ic_os/config/tool/templates/ic.json5.template +++ b/rs/ic_os/config/tool/templates/ic.json5.template 
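Review bot: In the first `elements` list of nftables.template (hunk `@@ -87,65 +87,16 @@`), the two `AWS_eu-west-2_monitoring` /56 prefixes join a set whose trailing comment still reads "DFINITY operated DC's", so cloud-hosted monitoring ranges inherit whatever the rules that reference this set allow. Those rules are outside the hunk, so the ports involved cannot be checked here. Consider a separate set for the monitoring prefixes, or at least update the comment, e.g. `} # comment "DFINITY operated DCs and AWS monitoring"`. It is also worth confirming that narrowing zh1 from `/55` to `/56` while zh2 moves to `2a00:fb01:400:200::/64` is intended, since the new zh2 prefix lies outside both the old /55 and the new /56.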
@@ -300,77 +300,16 @@ table ip6 filter {\n\
  default_rules: [{
  ipv4_prefixes: [],
  ipv6_prefixes: [
- "2001:438:fffd:11c::/64",
- "2001:470:1:c76::/64",
- "2602:fb2b:110::/48",
- "2001:920:401a:1706::/64",
- "2001:920:401a:1708::/64",
- "2001:920:401a:1710::/64",
- "2401:3f00:1000:22::/64",
- "2401:3f00:1000:23::/64",
- "2401:3f00:1000:24::/64",
- "2600:2c01:21::/64",
- "2600:3000:1300:1300::/64",
- "2600:3000:6100:200::/64",
- "2600:3004:1200:1200::/56",
- "2600:3006:1400:1500::/64",
- "2600:c00:2:100::/64",
- "2600:c02:b002:15::/64",
- "2600:c0d:3002:4::/64",
- "2602:ffe4:801:16::/64",
- "2602:ffe4:801:17::/64",
- "2602:ffe4:801:18::/64",
- "2604:1380:4091:3000::/64",
- "2604:1380:40e1:4700::/64",
- "2604:1380:40f1:1700::/64",
- "2604:1380:45d1:bf00::/64",
- "2604:1380:45e1:a600::/64",
- "2604:1380:45f1:9400::/64",
- "2604:1380:4601:6200::/64",
- "2604:1380:4601:6201::/64",
- "2604:1380:4601:6202::/64",
- "2604:1380:4641:6101::/64",
- "2604:1380:4641:6102::/64",
- "2604:1380:4091:3001::/64",
- "2604:1380:4091:3002::/64",
- "2604:1380:45e1:a601::/64",
- "2604:1380:45e1:a602::/64",
- "2604:1380:4641:6100::/64",
- "2604:3fc0:2001::/48",
- "2604:3fc0:3002::/48",
- "2604:6800:258:1::/64",
- "2604:7e00:30:3::/64",
- "2604:7e00:50::/64",
- "2604:b900:4001:76::/64",
- "2607:f1d0:10:1::/64",
  "2602:fb2b:120::/48",
- "2607:f758:1220::/64",
- "2607:f758:c300::/64",
  "2602:fb2b:100::/48",
- "2607:ff70:3:2::/64",
- "2610:190:6000:1::/64",
- "2610:190:df01:5::/64",
- "2a00:fa0:3::/48",
- "2a00:fb01:400:100::/56",
+ "2602:fb2b:110::/48",
+ "2600:c00:2:100::/64",
+ "2001:4c08:2003:b09::/64",
+ "2600:3007:4401::/48",
  "2a00:fb01:400::/56",
- "2a00:fc0:5000:300::/64",
- "2a01:138:900a::/48",
- "2a01:2a8:a13c:1::/64",
- "2a01:2a8:a13d:1::/64",
- "2a01:2a8:a13e:1::/64",
- "2a02:418:3002:0::/64",
- "2a02:41b:300e::/48",
- "2a02:800:2:2003::/64",
- "2a04:9dc0:0:108::/64",
- "2a05:d014:939:bf00::/56",
- "2a05:d01c:d9:2b00::/56",
+ "2a00:fb01:400:200::/64",
  "2a05:d01c:e2c:a700::/56",
- "2a0b:21c0:4003:2::/64",
- "2a0b:21c0:4006:100::/56",
- "2a0b:21c0:b002:2::/64",
- "2a0f:cd00:0002::/56",
- "fd00:2:1:1::/64",
- "fda6:8d22:43e1::/48",
+ "2a05:d01c:d9:2b00::/56",
  ],
  ports: [22, 2497, 4100, 7070, 8080, 9090, 9091, 9100, 19100, 19523, 19531],
  action: 1,
@@ -500,12 +439,16 @@ table ip6 filter {\n\
  default_rules: [{
  ipv4_prefixes: [],
  ipv6_prefixes: [
- "2a00:fb01:400::/56",
  "2602:fb2b:120::/48",
- "2602:fb2b:110::/48",
  "2602:fb2b:100::/48",
- "2a0b:21c0:4006:100::/56",
- "fda6:8d22:43e1::/48",
+ "2602:fb2b:110::/48",
+ "2600:c00:2:100::/64",
+ "2001:4c08:2003:b09::/64",
+ "2600:3007:4401::/48",
+ "2a00:fb01:400::/56",
+ "2a00:fb01:400:200::/64",
+ "2a05:d01c:e2c:a700::/56",
+ "2a05:d01c:d9:2b00::/56",
  ],
  ports: [22, 7070, 9091, 9100, 9324, 19531],
  action: 1,
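Review bot: The ten prefixes left in hunk `@@ -300,77 +300,16 @@` carry no site labels, and the same list is repeated by hand in the `@@ -500,12 +439,16 @@` hunk and in nftables.template, where each entry has a `# ch1`-style comment. The removed lines show how such copies drift: this file had `2a00:fb01:400:100::/56` and `2604:1380:4091:3000::/64` where nftables.template had `/64` and `/56` for the same prefixes. If the consumer of this template accepts JSON5 comments, label each entry, e.g. `"2602:fb2b:120::/48", // ch1`, and add a line above `ipv6_prefixes` such as `// keep in sync with hostos/nftables.template`. The enclosing rule object continues outside the hunk.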
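Review bot: The rule in hunk `@@ -500,12 +439,16 @@` opens port 22 alongside 7070, 9091, 9100, 9324 and 19531, and its prefix list now admits six sources it did not before, including `2a05:d01c:e2c:a700::/56` and `2a05:d01c:d9:2b00::/56`, which the nftables.template hunk labels as AWS monitoring. The same commit narrows the nftables telemetry set to three `:12::/64` subnets, so this list appears to move in the opposite direction; whether the two correspond cannot be told from the hunks. If the monitoring ranges only scrape metrics, give them their own rule entry without 22 rather than appending them to this list. The rule object starts and ends outside the hunk, so its other fields are not visible.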