Links
⚙️

IP Whitelist - Firewall Rules

Before attempting to onboard a new node in BLAST, we'll have to make sure we add the required Firewall Rules that will allow incoming traffic from our Infrastructure.
Failure in doing so can lead to lower node performance, scores and rewards.
The full list of IPs that will need to be whitelisted on the provider's side is:
162.19.232.109
162.19.232.108
162.19.232.110
141.95.94.21
141.95.94.20
141.95.94.19
15.204.140.80
15.204.141.67
15.204.198.207
135.148.211.147
135.148.211.148
135.148.211.149
15.235.144.191
15.235.144.206
15.235.144.207
139.99.67.135
139.99.53.186
139.99.53.189
15.204.52.134
15.204.52.125
15.204.52.131
147.135.102.151
147.135.102.200
51.81.232.143
We have also prepared a script that will make applying firewall rules a little bit easier to manage.
Please note that this script works only for Ubuntu and Debian OS flavours as it uses the ufw binary.
All we need to pass to it is the node's RPC port and WS port.
e.g: For a default configuration of an Ethereum node, the RPC port is 8545 and the WS port is 8546. The script is going to ask for the user to input these two values.
In case we want to use custom ports for RPC and WS we need to make sure we specify those, and not the default ones posted above.
The script iterates through the IP list provided above and adds all the required firewall rules, making management much easier than running all these commands manually.
Please make sure that your SSH port (22 by default) accepts traffic from your local machine (can also be a jump server or a bastion host) before running this script so you do not lock yourself out of your server. The below script should be used to add the required firewall rules so that our infrastructure can send requests to the provider nodes. It is not a general or recommended firewall configuration.
#!/bin/bash
​
read -p "Enter your RPC Port: " RPC_PORT
read -p "Enter your WS Port: " WS_PORT
​
PORTS=(
${RPC_PORT}
${WS_PORT}
)
ALLOW_IPS=(
162.19.232.109
162.19.232.108
162.19.232.110
141.95.94.21
141.95.94.20
141.95.94.19
15.204.140.80
15.204.141.67
15.204.198.207
135.148.211.147
135.148.211.148
135.148.211.149
15.235.144.191
15.235.144.206
15.235.144.207
139.99.67.135
139.99.53.186
139.99.53.189
15.204.52.134
15.204.52.125
15.204.52.131
147.135.102.151
147.135.102.200
51.81.232.143
)
​
for port in "${PORTS[@]}"; do
for allow_ip in "${ALLOW_IPS[@]}"; do
sudo ufw allow to any port ${port} from ${allow_ip} && echo ${allow_ip}
done
done
​
sudo ufw enable
In case there are new IPs that need to be whitelisted, we will make sure we keep this list updated and also announce the changes via Discord.