Skip to main content

⚙ IP Whitelist - Firewall Rules

Before attempting to onboard a new node in BLAST, we'll have to make sure we add the required Firewall Rules that will allow incoming traffic from our Infrastructure.

Failure in doing so can lead to lower node performance, scores and rewards.

The full list of IPs that will need to be whitelisted on the provider's side is:

We have also prepared a script that will make applying firewall rules a little bit easier to manage.


Please note that this script works only for Ubuntu and Debian OS flavours as it uses the ufw binary.

All we need to pass to it is the node's RPC port and WS port.

e.g: For a default configuration of an Ethereum node, the RPC port is 8545 and the WS port is 8546. The script is going to ask for the user to input these two values.


In case we want to use custom ports for RPC and WS we need to make sure we specify those, and not the default ones posted above.

The script iterates through the IP list provided above and adds all the required firewall rules, making management much easier than running all these commands manually.


Please make sure that your SSH port (22 by default) accepts traffic from your local machine (can also be a jump server or a bastion host) before running this script so you do not lock yourself out of your server. The below script should be used to add the required firewall rules so that our infrastructure can send requests to the provider nodes. It is not a general or recommended firewall configuration.


read -p "Enter your RPC Port: " RPC_PORT
read -p "Enter your WS Port: " WS_PORT


for port in "${PORTS[@]}"; do
for allow_ip in "${ALLOW_IPS[@]}"; do
sudo ufw allow to any port ${port} from ${allow_ip} && echo ${allow_ip}

sudo ufw enable

In case there are new IPs that need to be whitelisted, we will make sure we keep this list updated and also announce the changes via Discord.