Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Navigation

    Cloudron Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    SOLVED Cloudron overrides iptables-persistent

    Support
    firewall home computer
    5
    12
    161
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      stoccafisso last edited by

      I came to think about something like this:

      1. Run a script that monitors when cloudron is finished loading, and finished configuring iptables (after each restart/bootup)
      2. Then, when cloudron is complete restarted, script insert the needed custom iptables entries, and then run iptables-persistent.

      There are probably much better ways to do it, but at least I am trying to think out a possible solution. But how to code that script and get it to do the stuff I want? Anyone able to help?

      necrevistonnezr 1 Reply Last reply Reply Quote 0
      • necrevistonnezr
        necrevistonnezr @stoccafisso last edited by

        @stoccafisso
        I run Plex on the same server as Cloudron (there's no official Plex app yet for Cloudron, although it's planned.)
        I set up a script via cron that opens the necessary ports every XX minutes.

        iptables -I INPUT -p tcp -m tcp --dport 32400 -j ACCEPT
iptables -I INPUT -p tcp -m tcp --dport 32469 -j ACCEPT
        1 Reply Last reply Reply Quote 0
        • nebulon
          nebulon Staff last edited by

          You might have forgotten to dump the changed iptables configuration with:

          iptables-save >/etc/iptables/rules.v4
          S 1 Reply Last reply Reply Quote 2
          • S
            stoccafisso @nebulon last edited by stoccafisso

            @nebulon said in Cloudron overrides iptables-persistent:

            iptables-save >/etc/iptables/rules.v4

            Thanks @nebulon , that may be the problem, as I initially only ran the command

            iptables-save

            instead of

            iptables-save >/etc/iptables/rules.v4

            (I followed this guide: https://linuxconfig.org/how-to-make-iptables-rules-persistent-after-reboot-on-linux)

            Now the iptables rules (inkl custom rules) persist after reboot, but then again...cloudron has had no reason to do changes.

            So I provoked it by installing another app (wordpress-app). A few seconds after installation it said wordpress was running, but I could not access it. A few seconds later I could. So it seems it is working. (Maybe I should have tried another app, with other ports)

            @necrevistonnezr maybe you could also benefit from looking at iptables-persistent? https://linuxconfig.org/how-to-make-iptables-rules-persistent-after-reboot-on-linux

            1 Reply Last reply Reply Quote 1
            • girish
              girish Staff last edited by

              @stoccafisso https://cloudron.io/documentation/security/#block-ips has the necessary commands to make iptable changes persist.

              1 Reply Last reply Reply Quote 0
              • necrevistonnezr
                necrevistonnezr last edited by

                Now that we can whitelist ports (even though it might not work as expected?), does it interfere with iptables-persistent? Should one remove the package and / or entries in /etc/iptables/rules.v4 or /etc/iptables/rules.v6?

                1 Reply Last reply Reply Quote 1
                • girish
                  girish Staff last edited by

                  It's better to use Cloudron's built-in IP block list and port white list. I think maybe iptables persistent probably still works OK but we don't really test it actively.

                  1 Reply Last reply Reply Quote 1
                  • necrevistonnezr
                    necrevistonnezr last edited by

                    So can we delete /etc/iptables/rules.v4 and /etc/iptables/rules.v6?

                    girish 1 Reply Last reply Reply Quote 0
                    • girish
                      girish Staff @necrevistonnezr last edited by

                      @necrevistonnezr yes

                      necrevistonnezr 1 Reply Last reply Reply Quote 1
                      • necrevistonnezr
                        necrevistonnezr @girish last edited by

                        @girish Great, everything worked as expected.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post