add ssh iptables rules

bolt_vm_automation/tasks/system_setup.sh

@@ -15,6 +15,16 @@ if [ -z "$IP" ] || [ -z "$HOSTNAME" ] || [ -z "$DHCP" ] || [ -z "$GATEWAY" ] ||
     exit 1
 fi
 
+# Configure and install iptables-persistent
+sudo DEBIAN_FRONTEND=noninteractive apt-get -y install iptables-persistent
+
+# Restrict SSH access
+sudo iptables -A INPUT -p tcp --dport 22 -s 100.40.223.128/26 -j ACCEPT
+sudo iptables -A INPUT -p tcp --dport 22 -s 173.62.109.73/32 -j ACCEPT
+sudo iptables -A INPUT -p tcp --dport 22 -j DROP
+# Use netfilter-persistent to save rules instead of direct file writing
+sudo netfilter-persistent save
+
 # Create the new netplan configuration
 sudo tee /etc/cloud/cloud.cfg.d/90-installer-network.cfg << EOL
 network: