I want to block access to port 6379 on my server, but I still want to connect to it internally. The redis-server application runs on that port and I want to connect to it only locally (127.0.0.1). How can I do this?
Ubuntu – How to block port 6379 for outside traffic on Ubuntu
Best Answer
To do this, you need to make sure that your IPTables rules are configured properly. Ubuntu generally leaves their servers wide open by default, which is why I still don't recommend their use as servers unless you are quite well aware of how to do this properly already.
I imagine that your iptables -L -nv looks something like this, yes? It's empty and it's wide open. The Ubuntu IPTables HowTo will probably help quite a bit with this. (https://help.ubuntu.com/community/IptablesHowTo)
I recommend something like this, which allows SSH on any interface and TCP 6379 on any interface but the one you don't want:
You would then save this file in /etc/iptables.rules.
Obviously, any other ports that you specifically want open should be added.
Note: I've added the specific 6379 lines for clarity. The bottom ACCEPT right before the COMMIT would actually allow this because all loopback connections must be allowed on a Linux system for proper operation.
You will also want to put the rules in your /etc/network/interfaces file, to ensure that they are added when the interface comes up and not later in the boot process. Adding something like this is recommended:
Edit: To load this configuration initially, you need to run the iptables-restore command referenced above:
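A complete version of what the answer describes, added here as an example and not the answerer's own file: the iptables-restore rules file (loopback open, SSH on any interface, TCP 6379 accepted only on lo and dropped everywhere else), the pre-up line for /etc/network/interfaces, and a load-and-verify step. The helper function names, the eth0 interface name and the rules path are illustrative assumptions; the file is IPv4 only, so a host with a public IPv6 address needs the same for ip6tables.

```shell
#!/bin/sh
# Added example, not part of the original answer. Generates the rules file the
# answer describes, loads it, and verifies the result. IPv4 only. The eth0
# name and the default rules path are assumptions; override RULES_FILE if needed.

RULES_FILE="${RULES_FILE:-/etc/iptables.rules}"

# Emit the iptables-restore file. iptables matches first rule wins, so the
# loopback ACCEPT lines must come before the catch-all DROP for 6379. As the
# answer notes, the plain "-i lo -j ACCEPT" alone already admits 127.0.0.1:6379;
# the explicit 6379 rules are kept for clarity.
render_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i lo -p tcp --dport 6379 -j ACCEPT
-A INPUT -p tcp --dport 6379 -j DROP
COMMIT
EOF
}

# The /etc/network/interfaces fragment the answer refers to: pre-up loads the
# rules before the interface is brought up, so there is no window during boot
# in which 6379 is reachable from outside.
render_interfaces_stanza() {
    cat <<EOF
auto eth0
iface eth0 inet dhcp
    pre-up iptables-restore < $RULES_FILE
EOF
}

# Static check helper: 1-based line number of the first line of the rendered
# file matching a basic regex, or 0 if absent. Works without root and without
# touching the live firewall.
rule_line() {
    n=$(render_rules | grep -n -e "$1" | head -n 1 | cut -d: -f1)
    echo "${n:-0}"
}

# The ordering that actually matters: the 6379-on-lo ACCEPT must precede the
# 6379 DROP, otherwise local clients are cut off too.
rules_are_ordered() {
    lo_accept=$(rule_line '^-A INPUT -i lo -p tcp --dport 6379 -j ACCEPT$')
    drop=$(rule_line '^-A INPUT -p tcp --dport 6379 -j DROP$')
    [ "$lo_accept" -gt 0 ] && [ "$drop" -gt "$lo_accept" ]
}

# Write the file and load it atomically with iptables-restore (root only).
install_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "install_rules: run as root" >&2; return 1; }
    rules_are_ordered || { echo "install_rules: bad rule order, refusing" >&2; return 1; }
    render_rules > "$RULES_FILE"
    iptables-restore < "$RULES_FILE"
}

# What to look at afterwards: the INPUT chain with packet counters, and which
# address redis-server is listening on. From another host,
# "nc -zv -w 3 <public-ip> 6379" should time out (DROP), not be refused.
verify_rules() {
    iptables -L INPUT -nv --line-numbers
    ss -ltn | grep ':6379'
}

case "${1:-render}" in
    render)  render_rules ;;
    install) install_rules && verify_rules ;;
esac
```

Run it with no argument to print the rules file for review, and as root with `install` to write /etc/iptables.rules, load it, and print the chain. The counters from `iptables -L INPUT -nv` on the 6379 DROP rule are the quickest way to confirm outside connection attempts are being dropped. Independently of the firewall, setting `bind 127.0.0.1` in redis.conf makes redis-server listen on loopback only, so `ss -ltn` shows 127.0.0.1:6379 instead of 0.0.0.0:6379; doing both is the sensible defence in depth, since either one alone can be undone by a later config change.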