Ping a Specific Port

Question

lolc

Asked: 2021-10-21 12:38:49 +0800 CST2021-10-21 12:38:49 +0800 CST 2021-10-21 12:38:49 +0800 CST

block outgoing traffic on specific port without blocking internal traffic

772

I'm hosting a service on port 3000. Using apache, I made it so https://git.mywebsite.com proxies over to http://mywebsite.com:3000. Now, if I input the following command:

sudo iptables -A INPUT -p tcp --dport 3000 -j DROP

It does prevent external users from accessing http://mywebsite.com:3000, but now apache can no longer access it internally as well, which means https://git.mywebsite.com is down also. Is there a way to fix this?

1 Answers

Voted

Tero Kilkanen · Answer 1 · 2021-10-22T10:02:13+08:00

Best Answer

Tero Kilkanen

2021-10-22T10:02:13+08:002021-10-22T10:02:13+08:00

I assume your Apache2 proxy uses localhost:3000 as the proxy destination.

Best option is to configure your service so that it only binds to 127.0.0.1:3000 address on startup, not to 0.0.0.0:3000. This prevents anyone from outside connecting to that service.

Second option is to use iptables as follows:

sudo iptables -A INPUT -i <IFNAME> -p tcp --dport 3000 -j DROP

Where <IFNAME> is your internet facing interface name.

0

block outgoing traffic on specific port without blocking internal traffic

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?