⚙ IP Whitelist - Firewall Rules

Before attempting to onboard a new node in BLAST, we'll have to make sure we add the required Firewall Rules that will allow incoming traffic from our Infrastructure.

Failure to do so can lead to lower node performance, scores and rewards.

The full list of IPs that will need to be whitelisted on the provider's side is the `ALLOW_IPS` array in the script further down this page.

We have also prepared a script that will make applying firewall rules a little bit easier to manage.

Info: Please note that this script works only for Ubuntu and Debian OS flavours as it uses the ufw binary.

All we need to pass to it is the node's RPC port and WS port.

For example, in a default Ethereum node configuration the RPC port is 8545 and the WS port is 8546. The script prompts the user for these two values.

Info: In case we want to use custom ports for RPC and WS, we need to make sure we specify those, and not the default ones mentioned above.

The script iterates through the IP list in its `ALLOW_IPS` array and adds an allow rule for every IP on each of the two ports, making management much easier than running all these commands manually.

Info: Please make sure that your SSH port (22 by default) accepts traffic from your local machine (this can also be a jump server or a bastion host) before running this script, so that you do not lock yourself out of your server. The script below should only be used to add the firewall rules that let our infrastructure send requests to the provider nodes. It is not a general or recommended firewall configuration.

#!/bin/bash

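# Prompt for the node's ports; -r keeps backslashes in the input literal.
read -r -p "Enter your RPC Port: " RPC_PORT
read -r -p "Enter your WS Port: " WS_PORT

# Refuse anything that is not a plain port number before it reaches ufw.
for p in "${RPC_PORT}" "${WS_PORT}"; do
  [[ "${p}" =~ ^[0-9]{1,5}$ ]] || { echo "Invalid port: ${p}" >&2; exit 1; }
done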

PORTS=(
  "${RPC_PORT}"
  "${WS_PORT}"
)
ALLOW_IPS=(
162.19.232.109
162.19.232.108
162.19.232.110
141.95.94.21
141.95.94.20
141.95.94.19
15.204.140.80
15.204.141.67
15.204.198.207
135.148.211.147
135.148.211.148
135.148.211.149
15.235.144.191
15.235.144.206
15.235.144.207
139.99.67.135
139.99.53.186
139.99.53.189
15.204.52.134
15.204.52.125
15.204.52.131
147.135.102.151
147.135.102.200
51.81.232.143
)

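# Allow every listed IP to reach each of the two ports; echo the IP on success.
for port in "${PORTS[@]}"; do
  for allow_ip in "${ALLOW_IPS[@]}"; do
    sudo ufw allow to any port "${port}" from "${allow_ip}" && echo "${allow_ip}"
  done
done

# Turn the firewall on. Confirm your SSH allow rule is in place first.
sudo ufw enable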

In case there are new IPs that need to be whitelisted, we will make sure we keep this list updated and also announce the changes via Discord.
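
To confirm what the script applied, or to spot drift after the IP list changes, the rules for each port can be compared against the allowlist. This is an added example, not part of the BLAST script: `audit_port` and the sample `ufw status` text are constructed for illustration, and only three of the listed IPs are used to keep the sample short.

```bash
#!/bin/bash
# Added example: audit `ufw status` output for one port against an allowlist.
# On a node: sudo ufw status | audit_port 8545 <allowed-ip>...

# Reads `ufw status` text on stdin and prints one finding per line:
#   INACTIVE          firewall is not enabled, so no rule is enforced
#   UNEXPECTED <src>  an ALLOW rule for the port from a source not in the list
#   MISSING <ip>      an allowlisted IP with no ALLOW rule for the port
# Prints nothing when the rules match. Multi-port and range rows are not parsed.
audit_port() (
  port=$1; shift
  awk -v port="$port" -v want="$*" '
    BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) need[w[i]] = 1 }
    $1 == "Status:" { if ($2 != "active") print "INACTIVE"; next }
    {
      split($1, p, "/")                      # "8545/tcp" -> "8545"
      if ((p[1] "") != (port "")) next       # compare as strings
      for (a = 2; a <= NF; a++) if ($a == "ALLOW") break
      if (a > NF) next                       # DENY, LIMIT and header rows
      src = $(a + 1)
      if (src == "IN") src = $(a + 2)        # "ALLOW IN" in verbose output
      if (src in need) seen[src] = 1
      else print "UNEXPECTED " src
    }
    END { for (i = 1; i <= n; i++) if (!(w[i] in seen)) print "MISSING " w[i] }
  '
)

# Constructed sample output (not captured from a real node): one listed IP has
# no rule for 8545, and one rule leaves 8545 open to any source.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       203.0.113.10
8545                       ALLOW       162.19.232.109
8545                       ALLOW       162.19.232.108
8545                       ALLOW       Anywhere
8546                       ALLOW       162.19.232.109'

# Demo run against the sample, using the first three IPs of the list.
printf '%s\n' "$SAMPLE_STATUS" |
  audit_port 8545 162.19.232.109 162.19.232.108 162.19.232.110
```

An `UNEXPECTED Anywhere` finding means the port is reachable from any address, so the per-IP rules add nothing until that rule is removed.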