Adding the IP addresses of ArvanCloud to the whitelist of iptables
An important step toward preventing disruption and delay in the connection between ArvanCloud edge servers and the main host server is to whitelist the ArvanCloud IP addresses in the firewall settings of the host server. This means configuring the firewall to recognize the list of authorized IP addresses that might try to connect to the platform. This document presents two methods for adding the ArvanCloud IP addresses to iptables.
Method 1: a separate entry for each IP range
In this method, the following line must be repeated for each IP range listed on the IP addresses page of ArvanCloud. Replace $ip in the line with an IP range from that page.
iptables -I INPUT -p tcp -m multiport --dports http,https -s "$ip" -j ACCEPT
Method 2: using ipset
Another method is to use ipset instead of entering every single IP address manually. If this tool is not installed on your host server, install it with the command for your distribution: apt-get on Debian and Ubuntu, yum on CentOS and RHEL.
sudo apt-get install ipset
yum install ipset
Now you can use ipset to define a list of authorized IP addresses (in this case the IP addresses of ArvanCloud). In the following commands, you can replace ‘example’ with a name that you prefer.
ipset create example hash:net
for x in $(curl https://www.arvancloud.com/fa/ips.txt); do ipset add example $x; done
Please note that the list created above is held in memory only and, by default, is erased when the system reboots. Therefore, you need to save the commands that create it and re-run them after every reboot.
Now that the list of authorized IP addresses is created using ipset, we can use this list (which we named example in the above command) in the iptables command:
iptables -A INPUT -m set --match-set example src -p tcp -m multiport --dports http,https -j ACCEPT
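A more defensive version of the curl loop above, as an added example that is not ArvanCloud's own script: it validates every downloaded line before it reaches ipset and swaps the refreshed list into place in one step. It assumes the list contains one IPv4 address or CIDR range per line; the function names and the temporary set name example-new are made up for this example.

```shell
#!/bin/sh
# Added example, not ArvanCloud's script. Assumes the list holds one IPv4
# address or CIDR range per line; "example" is the set name used in the text.
LIST_URL="https://www.arvancloud.com/fa/ips.txt"   # URL given on this page
SET_NAME="example"

# Filter stdin down to well-formed IPv4 / IPv4-CIDR entries. An HTML error
# page, blank lines or out-of-range values are dropped, never passed to ipset.
valid_ranges() {
    tr -d '\r' | awk '
    NF != 1 { next }
    {
        n = split($1, p, "/")
        if (n > 2) next
        if (n == 2 && (p[2] !~ /^[0-9]+$/ || length(p[2]) > 2 || p[2] + 0 > 32)) next
        if (split(p[1], o, ".") != 4) next
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) next
        print $1
    }'
}

# Emit "ipset restore" input that loads the ranges (stdin) into a temporary
# set and swaps it into place, so the live set is never empty or half-filled.
restore_script() {   # $1 = set name
    echo "create $1 hash:net -exist"
    echo "create $1-new hash:net -exist"
    echo "flush $1-new"
    sed "s|^|add $1-new |"
    echo "swap $1-new $1"
    echo "destroy $1-new"
}

# Fetch, validate, apply. If nothing valid was fetched, leave the set alone.
refresh_set() {
    ranges=$(curl -fsS --max-time 20 "$LIST_URL" | valid_ranges)
    if [ -z "$ranges" ]; then
        echo "no valid ranges fetched; set '$SET_NAME' left unchanged" >&2
        return 1
    fi
    printf '%s\n' "$ranges" | restore_script "$SET_NAME" | ipset restore
}

# Run as root with --apply; without it the file only defines the functions.
if [ "${1:-}" = "--apply" ]; then
    refresh_set
fi
```

Run it as root with --apply at boot, before the saved iptables rules that reference the set are restored, and on a schedule to pick up changes to the list.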
In both methods, the last step is to save the modified iptables rules. Use the first of the following commands on Debian and Ubuntu and the second on CentOS and RHEL:
iptables-save > /etc/iptables/rules.v4
iptables-save > /etc/sysconfig/iptables