Score:0

block outgoing traffic on specific port without blocking internal traffic


I'm hosting a service on port 3000. Using Apache, I made it so https://git.mywebsite.com proxies over to http://mywebsite.com:3000. Now, if I input the following command:

sudo iptables -A INPUT -p tcp --dport 3000 -j DROP

It does prevent external users from accessing http://mywebsite.com:3000, but now Apache can no longer access it internally either, which means https://git.mywebsite.com is down as well. Is there a way to fix this?

Score:0

I assume your Apache2 proxy uses localhost:3000 as the proxy destination.

The best option is to configure your service so that it binds only to the 127.0.0.1:3000 address on startup, not to 0.0.0.0:3000. This prevents anyone from outside connecting to that service.

The second option is to use iptables as follows:

sudo iptables -A INPUT -i <IFNAME> -p tcp --dport 3000 -j DROP

Where <IFNAME> is the name of your internet-facing interface.

mangohost
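Both options in the answer above can be checked and applied from a small script. The following is an added example, not code from the question or the answer; it assumes a GNU/Linux host with iptables and iproute2's ss, and takes the port as a parameter (3000 below). listen_scope reads the output of ss -Hltn and reports whether the port is bound to loopback only (the first option done right) or to a wildcard or real address (still exposed). block_port_rules emits the rules for the second option, but matches "! -i lo" instead of a single named uplink: a connection from the box to its own public address is routed over lo as well, so Apache's proxy keeps working whether it targets 127.0.0.1:3000 or mywebsite.com:3000, and a second uplink is covered too. It uses -I rather than the question's -A, because an appended DROP never fires if an earlier rule already ACCEPTs the traffic.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Assumes Linux with iptables,
# ip6tables and `ss`; the port number is passed as an argument.
set -euo pipefail

# Emit the iptables rules that drop the port on every interface except lo.
# Locally originated connections, including those to the host's own public
# address, arrive via lo, so Apache's proxy is unaffected.
# -I inserts at the head of INPUT so an earlier blanket ACCEPT cannot shadow it.
block_port_rules() {
  local port=$1
  printf 'iptables -I INPUT -p tcp --dport %s ! -i lo -j DROP\n' "$port"
  # Needed too if the service also listens on [::]; harmless otherwise.
  printf 'ip6tables -I INPUT -p tcp --dport %s ! -i lo -j DROP\n' "$port"
}

# Read `ss -Hltn` output on stdin and classify how $port is bound:
# "loopback-only", "exposed" (0.0.0.0, *, [::] or a real address) or
# "not-listening". ss prints: State Recv-Q Send-Q Local:Port Peer:Port ...
listen_scope() {
  local port=$1 exposed=0 seen=0 local_addr host
  while read -r _state _recvq _sendq local_addr _rest; do
    [ "${local_addr##*:}" = "$port" ] || continue   # not our port
    host=${local_addr%:*}                           # strip ":port"
    seen=1
    case "$host" in
      127.*|'[::1]'|'::1') ;;                       # loopback binding
      *) exposed=1 ;;                               # anything else is reachable
    esac
  done
  if [ "$seen" -eq 0 ]; then
    echo not-listening
  elif [ "$exposed" -eq 1 ]; then
    echo exposed
  else
    echo loopback-only
  fi
}
```

Usage: `ss -Hltn | listen_scope 3000` tells you whether the bind-to-127.0.0.1 fix actually took effect (a service bound to 127.0.0.1 and also to [::] still reports "exposed"). If you cannot change the binding, `block_port_rules 3000 | sudo sh` applies the firewall rules; they are not persistent across reboots, so save them with iptables-save or whatever your distribution uses.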
