From 7cef254ab48ce567ba901f61f39ff8ec16c38347 Mon Sep 17 00:00:00 2001 From: Onur Alp Soner Date: Mon, 25 Aug 2014 10:21:03 +0300 Subject: [PATCH] Only allow localhost connections to MongoDB --- bin/countly.install.sh | 8 ++++++++ bin/countly.upgrade.sh | 8 ++++++++ bin/geoip-updater.sh | 36 ------------------------------------ 3 files changed, 16 insertions(+), 36 deletions(-) delete mode 100644 bin/geoip-updater.sh diff --git a/bin/countly.install.sh b/bin/countly.install.sh index 590de56efc0..186a3b0a145 100755 --- a/bin/countly.install.sh +++ b/bin/countly.install.sh @@ -58,6 +58,14 @@ apt-get -y install sendmail apt-get -y install build-essential || (echo "Failed to install build-essential." ; exit) +#drop packages coming from 0/0 going through mongodb port +#allow those coming from localhost +iptables -A INPUT -m state --state NEW -p tcp --destination-port 27019 -s localhost -j ACCEPT +iptables -A INPUT -m state --state NEW -p tcp --destination-port 27019 -s 0/0 -j DROP + +#install iptables-persistent +apt-get install iptables-persistent + #install time module for node ( cd $DIR/../api ; npm install time ) diff --git a/bin/countly.upgrade.sh b/bin/countly.upgrade.sh index 1a645134a75..a84847a94f4 100755 --- a/bin/countly.upgrade.sh +++ b/bin/countly.upgrade.sh @@ -17,6 +17,14 @@ echo " " +#drop packages coming from 0/0 going through mongodb port +#allow those coming from localhost +iptables -A INPUT -m state --state NEW -p tcp --destination-port 27019 -s localhost -j ACCEPT +iptables -A INPUT -m state --state NEW -p tcp --destination-port 27019 -s 0/0 -j DROP + +#install iptables-persistent +apt-get install iptables-persistent + #DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" #mongo countly $DIR/updateCollections.js diff --git a/bin/geoip-updater.sh b/bin/geoip-updater.sh deleted file mode 100644 index 7e4d6b550c2..00000000000 --- a/bin/geoip-updater.sh +++ /dev/null 
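Review bot: Both rules added to bin/countly.install.sh match `--destination-port 27019`, but mongod listens on 27017 by default (27019 is the default for config servers), so unless this deployment runs mongod on 27019, which the hunk does not show, the database port stays reachable from other hosts. If the default port is in use, the rules should name it, e.g. `iptables -A INPUT -m state --state NEW -p tcp --destination-port 27017 -s 0/0 -j DROP`. The identical rules added to bin/countly.upgrade.sh carry the same port. Writing the accept rule with `-s 127.0.0.1` (or `-i lo`) instead of `-s localhost` avoids depending on name resolution when the rule is inserted. Setting mongod's bind address to 127.0.0.1 would enforce the restriction even if the firewall rules are flushed.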
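Review bot: In bin/countly.upgrade.sh the two `iptables -A INPUT` lines append unconditionally, so every upgrade run adds another copy of both rules; guard each with `iptables -C INPUT <rule> 2>/dev/null || iptables -A INPUT <rule>`, where `<rule>` is the existing match and target. Because the rules are appended rather than inserted, the DROP is never reached if an earlier INPUT rule already accepts the traffic. `apt-get install iptables-persistent` has no `-y`, unlike the `apt-get -y install` calls visible in the install.sh context, so an unattended run can stop at the confirmation prompt. When the package is already installed, nothing in the hunk writes the new rules to disk, so they are presumably lost on reboot; an explicit save step after the rules are added would close that gap. The install.sh hunk has the same `-A` and `-y` issues.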
@@ -1,36 +0,0 @@
-#!/bin/bash
-
-set -e
-
-if [[ $EUID -ne 0 ]]; then
- echo "Please run this script with a superuser..." 1>&2
- exit 1
-fi
-
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-
-mkdir -p $DIR/../api/node_modules/geoip-lite/data/temp
-cd $DIR/../api/node_modules/geoip-lite/data/temp
-
-wget http://geolite.maxmind.com/download/geoip/database/GeoIPCountryCSV.zip
-wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity_CSV/GeoLiteCity-latest.zip
-wget http://geolite.maxmind.com/download/geoip/database/GeoIPv6.csv.gz
-
-unzip GeoIPCountryCSV.zip
-unzip GeoLiteCity-latest.zip
-gunzip GeoIPv6.csv.gz
-
-cd GeoLiteCity_*
-mv * ../
-cd ../
-
-echo "Creating geoip dat files..."
-node $DIR/../api/node_modules/geoip-lite/lib/country-converter.js GeoIPCountryWhois.csv geoip-country.dat
-node $DIR/../api/node_modules/geoip-lite/lib/country-converter.js GeoIPv6.csv geoip-country6.dat
-node $DIR/../api/node_modules/geoip-lite/lib/city-converter.js GeoLiteCity-Blocks.csv geoip-city.dat
-
-mv geoip-*.dat ../
-cd ../
-rm -rf temp
-
-echo "Finished updating geoip data files. You need to restart api.js..."
\ No newline at end of file