File: //lib/firewalld/zones/LW_STAFF.xml
<?xml version="1.0" encoding="utf-8"?>
<zone target="ACCEPT">
<short>LW_STAFF</short>
<description>Firewall rules required to allow Liquid Web staff access to your server. These must be present on all supported servers. Dropping these rules may negate support.</description>
<!-- zone ranges - lw-office-staff -->
<source address="10.20.4.0/22" />
<source address="50.28.76.132/32" />
<source address="2607:fad0:32:a03::/64" />
<source address="10.30.4.0/22" />
<source address="10.30.104.0/24" />
<source address="2607:fad0:32:a02::/64" />
<!-- zone ranges - sa-office-staff -->
<source address="10.255.234.128/25" />
<source address="10.255.235.0/25" />
<source address="10.255.235.128/26" />
<source address="10.255.235.192/26" />
<source address="10.255.236.64/26" />
<source address="10.255.236.128/26" />
<source address="10.255.236.192/26" />
<!-- zone ranges - sa-cs-vpn -->
<source address="10.255.233.128/25" />
<!-- zone ranges - intl-team -->
<source address="10.20.44.0/22" />
<source address="10.255.227.0/24" />
<source address="192.168.94.0/24" />
<!-- zone ranges - workbench -->
<source address="69.167.129.192/28" />
<!-- zone ranges - dc3-syseng -->
<source address="10.30.104.0/24" />
<!-- zone ranges - mellon_jumpboxes -->
<!-- zone ranges - bifrost-tunnel -->
<source address="10.64.0.13/32" />
<source address="10.64.96.24/32" />
<source address="10.64.32.173/32" />
<source address="10.64.16.34/32" />
<source address="10.64.160.20/32" />
<source address="10.64.64.16/32" />
<source address="10.64.128.23/32" />
<source address="10.64.144.12/32" />
<source address="10.75.32.15/32" />
<source address="10.75.16.13/32" />
<source address="10.75.64.25/32" />
<source address="10.75.48.21/32" />
<source address="10.75.96.12/32" />
<source address="10.79.165.30/32" />
<source address="10.79.118.251/32" />
<source address="207.32.190.51/32" />
<source address="10.75.112.2/32" />
<source address="185.145.13.79/32" />
<source address="10.67.2.78/32" />
<source address="10.75.128.110/32" />
<source address="10.72.66.194/32" />
<source address="10.75.145.159/32" />
<source address="192.240.191.2/32" />
<!-- zone ranges - managed hosting other -->
<source address="209.126.25.175/32" />
<source address="208.69.120.31/32" />
<source address="172.17.194.102/32" />
<source address="172.27.224.3/32" />
<source address="10.64.0.215/32" />
<source address="209.126.31.103/32" />
<source address="10.64.32.43/32" />
<source address="10.64.0.9/32" />
<source address="69.160.55.103/32" />
<source address="66.51.154.178/32" />
<source address="208.69.120.33/32" />
<source address="172.17.194.116/32" />
<source address="209.126.25.207/32" />
<source address="209.126.24.34/32" />
<!-- zone ranges - dc3-qa -->
<source address="10.30.2.128/25" />
<!-- services to allow -->
<rule><accept/><service name="ssh" /></rule>
<rule><accept/><service name="smtp" /></rule>
<rule><accept/><service name="http" /></rule>
<rule><accept/><service name="https" /></rule>
<!-- custom cPanel ports to allow -->
<rule><accept/><port port="2083" protocol="tcp"/></rule>
<rule><accept/><port port="2087" protocol="tcp"/></rule>
<rule><accept/><port port="2096" protocol="tcp"/></rule>
<!-- custom plesk ports -->
<rule><accept/><port port="8443" protocol="tcp"/></rule>
<!-- custom interworx ports -->
<rule><accept/><port port="2443" protocol="tcp"/></rule>
<!-- ping services to allow -->
<rule><accept/><icmp-type name="echo-request" /></rule>
<rule><accept/><icmp-type name="echo-reply" /></rule>
</zone>