Deploying a secure web application in production with

    ██╗     ███████╗████████╗███████╗    ███████╗███╗   ██╗ ██████╗██████╗ ██╗   ██╗██████╗ ████████╗
    ██║     ██╔════╝╚══██╔══╝██╔════╝    ██╔════╝████╗  ██║██╔════╝██╔══██╗╚██╗ ██╔╝██╔══██╗╚══██╔══╝
    ██║     █████╗     ██║   ███████╗    █████╗  ██╔██╗ ██║██║     ██████╔╝ ╚████╔╝ ██████╔╝   ██║   
    ██║     ██╔══╝     ██║   ╚════██║    ██╔══╝  ██║╚██╗██║██║     ██╔══██╗  ╚██╔╝  ██╔═══╝    ██║   
    ███████╗███████╗   ██║   ███████║    ███████╗██║ ╚████║╚██████╗██║  ██║   ██║   ██║        ██║   
    ╚══════╝╚══════╝   ╚═╝   ╚══════╝    ╚══════╝╚═╝  ╚═══╝ ╚═════╝╚═╝  ╚═╝   ╚═╝   ╚═╝        ╚═╝   

                                                 ██╗                 
                                                 ██║              
                                              ████████╗                  
                                              ██╔═██╔═╝                   
                                              ██████║                       
                                              ╚═════╝                 

                         ██████╗███████╗██████╗ ████████╗██████╗  ██████╗ ████████╗      
                        ██╔════╝██╔════╝██╔══██╗╚══██╔══╝██╔══██╗██╔═══██╗╚══██╔══╝  
                        ██║     █████╗  ██████╔╝   ██║   ██████╔╝██║   ██║   ██║      
                        ██║     ██╔══╝  ██╔══██╗   ██║   ██╔══██╗██║   ██║   ██║        
                        ╚██████╗███████╗██║  ██║   ██║   ██████╔╝╚██████╔╝   ██║                   
                         ╚═════╝╚══════╝╚═╝  ╚═╝   ╚═╝   ╚═════╝  ╚═════╝    ╚═╝

Making iptables rules permanent

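Deploying a secure web application in production with Let's Encrypt and Certbot details a way to deploy an app or service securely. In doing so, it takes advantage of iptables rules to intercept traffic on port 80 or 443 and reroute that traffic to the port your app or service is running on. Rules added with the iptables command live only in kernel memory and are lost on reboot, so they have to be saved and reloaded at boot to stay in effect.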

Debian/Ubuntu Based Instructions

  1. Install the iptables-persistent package

    Newer Debian/Ubuntu releases

    sudo apt install iptables-persistent

    Older Debian/Ubuntu releases

    sudo apt-get install iptables-persistent

  2. During installation of the iptables-persistent package, you will be asked whether to save the current rules. Answer Yes.

  3. Optional: Check your iptables rule file

    cat /etc/iptables/rules.v4

    It should look similar to the following (your timestamps and packet counters will differ)

    # Generated by iptables-save v1.6.1 on Fri Aug 20 02:40:14 2021
    *filter
    :INPUT ACCEPT [71277:316681291]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [58801:6540250]
    COMMIT
    # Completed on Fri Aug 20 02:40:14 2021
    # Generated by iptables-save v1.6.1 on Fri Aug 20 02:40:14 2021
    *nat
    :PREROUTING ACCEPT [1:52]
    :INPUT ACCEPT [1636:90337]
    :OUTPUT ACCEPT [613:66497]
    :POSTROUTING ACCEPT [613:66497]
    -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 443
    -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3000
    COMMIT
    # Completed on Fri Aug 20 02:40:14 2021
    
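  4. If you were not given the option to save the iptables rules, do so by running the following command

    sudo iptables-save > /etc/iptables/rules.v4

    If you get a permission denied error (the redirection into /etc/iptables is performed by your own shell, not by sudo), run the redirection as root as well:

    sudo sh -c 'iptables-save > /etc/iptables/rules.v4'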
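
To confirm that the saved file matches what the kernel is enforcing, the following added example (not part of the original guide) compares two iptables-save dumps while ignoring timestamps and packet counters, and reads back the redirect target for a port. The function names normalize_rules, rules_in_sync and redirect_target are hypothetical helpers, and /tmp/live.rules is an assumed scratch path.

```shell
#!/bin/sh
# Added example: check that persisted iptables rules match the running ones.
# Typical use (assumed paths):
#   sudo iptables-save > /tmp/live.rules
#   rules_in_sync /tmp/live.rules /etc/iptables/rules.v4 || echo "rules drifted"

# normalize_rules FILE
# Drop what changes between dumps without changing policy: comment lines
# (they carry timestamps) and the [packets:bytes] counters on chain lines.
normalize_rules() {
    sed -e '/^#/d' \
        -e 's/[[:space:]]*\[[0-9]*:[0-9]*\]$//' \
        -e 's/[[:space:]]*$//' \
        -e '/^$/d' "$1"
}

# rules_in_sync LIVE SAVED
# Returns 0 when both dumps describe the same tables, chains and rules.
rules_in_sync() {
    live=$(normalize_rules "$1") || return 2
    saved=$(normalize_rules "$2") || return 2
    [ "$live" = "$saved" ]
}

# redirect_target FILE DPORT
# Prints the --to-ports value of the nat PREROUTING REDIRECT rule that
# matches DPORT; returns non-zero when no such rule is in the file.
redirect_target() {
    awk -v dport="$2" '
        /^\*/ { table = substr($0, 2) }          # "*nat", "*filter", ...
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
            d = ""; t = ""; redirect = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport")    d = $(i + 1)
                if ($i == "--to-ports") t = $(i + 1)
                if ($i == "-j" && $(i + 1) == "REDIRECT") redirect = 1
            }
            if (redirect && d == dport) { print t; found = 1; exit }
        }
        END { exit !found }
    ' "$1"
}
```

Run the comparison after a reboot as well: a mismatch then means the rules were not restored at boot and the app's port may no longer be reachable through 80/443.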

RedHat/CentOS Based Instructions

  1. Save your newly updated iptables rules to a file

    sudo service iptables save

  2. Restart the service

    sudo service iptables restart

  3. Make them permanent by enabling the iptables service at boot

    sudo chkconfig iptables on