Only allow localhost connections to MongoDB

Countly · Aug 25, 2014 · 7cef254 · 7cef254
1 parent a203a61
commit 7cef254
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 36 deletions.
diff --git a/bin/countly.install.sh b/bin/countly.install.sh
@@ -58,6 +58,14 @@ apt-get -y install sendmail
 
 apt-get -y install build-essential || (echo "Failed to install build-essential." ; exit)
 
+#drop packages coming from 0/0 going through mongodb port
+#allow those coming from localhost
+iptables -A INPUT -m state --state NEW -p tcp --destination-port 27019 -s localhost -j ACCEPT
+iptables -A INPUT -m state --state NEW -p tcp --destination-port 27019 -s 0/0 -j DROP
+
+#install iptables-persistent
+apt-get install iptables-persistent
+
 #install time module for node
 ( cd $DIR/../api ; npm install time )
 

diff --git a/bin/countly.upgrade.sh b/bin/countly.upgrade.sh
@@ -17,6 +17,14 @@ echo "
 
 "
 
+#drop packages coming from 0/0 going through mongodb port
+#allow those coming from localhost
+iptables -A INPUT -m state --state NEW -p tcp --destination-port 27019 -s localhost -j ACCEPT
+iptables -A INPUT -m state --state NEW -p tcp --destination-port 27019 -s 0/0 -j DROP
+
+#install iptables-persistent
+apt-get install iptables-persistent
+
 #DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 #mongo countly $DIR/updateCollections.js
 

diff --git a/bin/geoip-updater.sh b/bin/geoip-updater.sh