IPtables protection
#2029
Replies: 1 comment 1 reply
-
|
@haugene @sikksakk I’m not great with iptables but that looks reasonable to me to add to dev branch for now? |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
@pkishino i'm manually using these rules now on the container, and works as expected :-) |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi,
would it be an idea to add some IPtables rules so we can protect the container?
i have disabled NAT firewall on giganews to be connectable - but that also exposes my whole container on the public internet including an open unprotected transmission webinterface :-)
Could be a few simple rules on the tap interfaces, with configurable port range?
like:
iptables -F
iptables -A INPUT -i tun+ -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i tun+ -p tcp --dport 6881:6999 -j ACCEPT
iptables -A INPUT -i tun+ -p udp --dport 6881:6999 -j ACCEPT
iptables -A INPUT -i tun+ -j DROP
Beta Was this translation helpful? Give feedback.
All reactions