IPtables protection
#2029
Replies: 1 comment 1 reply
-
|
@haugene @sikksakk I’m not great with iptables but that looks reasonable to me to add to dev branch for now? |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
@pkishino i'm manually using these rules now on the container, and works as expected :-) |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hi,
would it be an idea to add some IPtables rules so we can protect the container?
i have disabled NAT firewall on giganews to be connectable - but that also exposes my whole container on the public internet including an open unprotected transmission webinterface :-)
Could be a few simple rules on the tap interfaces, with configurable port range?
like:
iptables -F
iptables -A INPUT -i tun+ -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i tun+ -p tcp --dport 6881:6999 -j ACCEPT
iptables -A INPUT -i tun+ -p udp --dport 6881:6999 -j ACCEPT
iptables -A INPUT -i tun+ -j DROP
Beta Was this translation helpful? Give feedback.
All reactions