Hi,
I am setting up a website. It's a standard e-commerce website and I want to add some firewall rules to stop any malicious users.
The website needs the following ports open: 22 (SSH), 80 (HTTP) and 443 (HTTPS).
Some background: the web side (let's call it 'forms') communicates with a background internal process (called 'Handler') written in Python, communicating using a REST API. Handler listens on TCP port 8080.
I had the following rules applied to the firewall:
- iptables -A INPUT -p tcp --dport ssh -j ACCEPT
- iptables -A INPUT -p tcp --dport 80 -j ACCEPT
- iptables -A INPUT -p tcp --dport 443 -j ACCEPT
- iptables -A INPUT -j DROP
My understanding here was: if communication on 8080 is just internal to the machine, the firewall rules should not matter, since they are applied only to external connections. But 'forms' and 'Handler' are not able to communicate with each other. If I remove the last rule (the drop rule), the communication is fine.
Variation 1: I added port 8080 to the rules, thinking that iptables is somehow applying even to the internal communication.
- iptables -A INPUT -p tcp --dport ssh -j ACCEPT
- iptables -A INPUT -p tcp --dport 80 -j ACCEPT
- iptables -A INPUT -p tcp --dport 443 -j ACCEPT
- iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
- iptables -A INPUT -j DROP
Result: communication is still blocked from 'forms' to 'Handler'. If I remove the last rule (the drop rule), communication is fine again. So the drop rule is being applied to it somehow.
Variation 2: I tried the iptables rule with an interface specification, but I still have the same problem.
- iptables -A INPUT -i lo -p tcp --dport 8080 -j ACCEPT
- iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
Any input would be appreciated. Thanks in advance.
PS: The machine is running CentOS 6.
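As an added illustration (not part of the original post, and not iptables itself), the following Python model walks the INPUT chain the way the kernel does, first match wins, with a simplified connection-tracking table so that `-m state --state` can be evaluated. It shows why the Variation 1 ruleset accepts the loopback SYN to 8080 but drops Handler's SYN-ACK back to the ephemeral port of 'forms' (that reply also arrives on INPUT over lo, and no `--dport` rule covers it), why an `-i lo` accept plus an `ESTABLISHED,RELATED` accept fixes it without exposing 8080 on eth0, and why a rule appended with `-A` after the final DROP is never reached while `-I` puts it at the top. The packet addresses and ports (127.0.0.1:41000, 203.0.113.5, 198.51.100.10) and the default ACCEPT chain policy are assumptions made for the example.

```python
"""Model of iptables INPUT-chain evaluation for the loopback problem in the post.

Added illustration, not real iptables: parses the rule syntax the post uses
(-A/-I, -i, -p, --dport, -m state --state, -j), evaluates first-match-wins and
keeps a simplified conntrack table. Sample addresses/ports are constructed.
"""
from dataclasses import dataclass

SERVICE_PORTS = {"ssh": 22, "http": 80, "https": 443}  # service names accepted by --dport


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrives on ("lo", "eth0")
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


def build_chain(commands):
    """Apply iptables -A/-I commands in order; return the resulting INPUT chain."""
    chain = []
    for cmd in commands:
        toks = cmd.split()
        rule = {"iface": None, "proto": None, "dport": None, "states": None, "target": None}
        pos, i = None, 0  # pos None = append (-A); int = 1-based insert position (-I)
        while i < len(toks):
            t = toks[i]
            if t == "iptables":
                i += 1
            elif t == "-A":                       # "-A INPUT"
                i += 2
            elif t == "-I":                       # "-I INPUT [rulenum]", default rulenum 1 (top)
                pos, i = 1, i + 2
                if i < len(toks) and toks[i].isdigit():
                    pos, i = int(toks[i]), i + 1
            elif t == "-i":
                rule["iface"], i = toks[i + 1], i + 2
            elif t == "-p":
                rule["proto"], i = toks[i + 1], i + 2
            elif t == "--dport":
                p = toks[i + 1]
                rule["dport"], i = (int(p) if p.isdigit() else SERVICE_PORTS[p]), i + 2
            elif t == "-m":                       # "-m state"; the criterion itself is --state
                i += 2
            elif t == "--state":
                rule["states"], i = set(toks[i + 1].split(",")), i + 2
            elif t == "-j":
                rule["target"], i = toks[i + 1], i + 2
            else:
                raise ValueError(f"unsupported token {t!r} in {cmd!r}")
        chain.append(rule) if pos is None else chain.insert(pos - 1, rule)
    return chain


class Conntrack:
    """Just enough connection tracking to label a packet NEW or ESTABLISHED.
    Entries are recorded only for accepted packets, as the kernel confirms an
    entry only when the packet is not dropped."""

    def __init__(self):
        self.flows = {}  # original-direction 4-tuple -> True once a reply was seen

    @staticmethod
    def _tuples(pkt):
        return (pkt.src, pkt.sport, pkt.dst, pkt.dport), (pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def state_of(self, pkt):
        fwd, rev = self._tuples(pkt)
        if rev in self.flows or self.flows.get(fwd):  # reply direction, or reply already seen
            return "ESTABLISHED"
        return "NEW"

    def note(self, pkt):
        fwd, rev = self._tuples(pkt)
        if rev in self.flows:
            self.flows[rev] = True
        else:
            self.flows.setdefault(fwd, False)


def filter_input(chain, pkt, ct, policy="ACCEPT"):
    """First matching rule decides; otherwise the chain policy (ACCEPT on a stock CentOS 6 box)."""
    state, verdict = ct.state_of(pkt), policy
    for rule in chain:
        if rule["iface"] and rule["iface"] != pkt.iface:
            continue
        if rule["proto"] and rule["proto"] != pkt.proto:
            continue
        if rule["dport"] is not None and rule["dport"] != pkt.dport:
            continue
        if rule["states"] and state not in rule["states"]:
            continue
        verdict = rule["target"]
        break
    if verdict == "ACCEPT":
        ct.note(pkt)
    return verdict


def loopback_handshake(commands):
    """Verdicts for the client SYN (dport 8080) and the server SYN-ACK (dport = client's
    ephemeral port) of a forms -> Handler handshake; both arrive on INPUT via lo."""
    chain, ct = build_chain(commands), Conntrack()
    syn = Packet("lo", "tcp", "127.0.0.1", 41000, "127.0.0.1", 8080)
    syn_ack = Packet("lo", "tcp", "127.0.0.1", 8080, "127.0.0.1", 41000)
    return filter_input(chain, syn, ct), filter_input(chain, syn_ack, ct)


def external_syn(commands, dport):
    """Verdict for a new connection from an outside host arriving on eth0."""
    chain, ct = build_chain(commands), Conntrack()
    return filter_input(chain, Packet("eth0", "tcp", "203.0.113.5", 51515, "198.51.100.10", dport), ct)


# The post's Variation 1 ruleset, verbatim.
VARIATION_1 = [
    "iptables -A INPUT -p tcp --dport ssh -j ACCEPT",
    "iptables -A INPUT -p tcp --dport 80 -j ACCEPT",
    "iptables -A INPUT -p tcp --dport 443 -j ACCEPT",
    "iptables -A INPUT -p tcp --dport 8080 -j ACCEPT",
    "iptables -A INPUT -j DROP",
]
# Corrected: trust lo, accept replies to tracked connections, keep 8080 closed to the outside.
FIXED = [
    "iptables -A INPUT -i lo -j ACCEPT",
    "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
    "iptables -A INPUT -p tcp --dport ssh -j ACCEPT",
    "iptables -A INPUT -p tcp --dport 80 -j ACCEPT",
    "iptables -A INPUT -p tcp --dport 443 -j ACCEPT",
    "iptables -A INPUT -j DROP",
]
# Appending to a live chain that already ends in DROP puts the rule after the DROP; -I puts it first.
APPENDED_TOO_LATE = VARIATION_1 + ["iptables -A INPUT -i lo -j ACCEPT"]
INSERTED_AT_TOP = VARIATION_1 + ["iptables -I INPUT -i lo -j ACCEPT"]

if __name__ == "__main__":
    for name, rules in [("variation 1", VARIATION_1), ("fixed", FIXED),
                        ("lo rule appended", APPENDED_TOO_LATE), ("lo rule inserted", INSERTED_AT_TOP)]:
        print(f"{name:17s} lo SYN/SYN-ACK={loopback_handshake(rules)} eth0->8080={external_syn(rules, 8080)}")
```

The same reasoning explains why SSH and HTTPS from outside keep working with only `--dport` rules: for those connections the server's replies leave through OUTPUT, which has no rules, so INPUT never sees a packet addressed to an ephemeral port. Only loopback traffic puts both directions through INPUT, which is why the DROP rule appears to "apply to internal communication".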