search

InsaLan / langate3000

The new InsaLan captive portal 👾
MIT License
1 stars 0 forks source link

Forbid outside API access #18

Open SkytAsul opened 3 weeks ago

SkytAsul commented 3 weeks ago

Description

Forbid access to the API except for the docker that contains the gate backend.

Indications

I can think of 2 possibilities

  1. Via an nftables rule at launchtime?
  2. By binding the API to the docker bridge IP so it is only accessible from containers.
pixup1 commented 1 week ago 
self._execute_nft_cmd("add rule insalan saddr != {IP_DOCKER_BACKEND} tcp dport 6784 drop")

?

SkytAsul commented 1 week ago

La solution 2 est meilleure. Sinon oui ce genre de rule marcherait.