Commit 47f86759 authored by jz143's avatar jz143

APPEND, not INSERT the iptables rules!!!!

parent 5956eced
...@@ -69,6 +69,7 @@ unix:///home/appstore/appstore/shared/tmp/sockets/puma.sock ...@@ -69,6 +69,7 @@ unix:///home/appstore/appstore/shared/tmp/sockets/puma.sock
``` ```
## TODO ## TODO
* Better instructions about how to upload an app
* Logrotate (seems like Logger has rotation capability) * Logrotate (seems like Logger has rotation capability)
* Only keep most recent 3 app versions * Only keep most recent 3 app versions
* Add ability for app owner to test the app, app version before marking them as 'Published' * Add ability for app owner to test the app, app version before marking them as 'Published'
......
...@@ -57,7 +57,7 @@ iptables -A mysql-protection --src $ALLOW_IP_ADDRESS -j ACCEPT ...@@ -57,7 +57,7 @@ iptables -A mysql-protection --src $ALLOW_IP_ADDRESS -j ACCEPT
# drop everyone else # drop everyone else
iptables -A mysql-protection -j DROP iptables -A mysql-protection -j DROP
# use chain xxx for packets coming to TCP port $MYSQL_PORT # use chain xxx for packets coming to TCP port $MYSQL_PORT
iptables -I INPUT -m tcp -p tcp --dport $MYSQL_PORT -j mysql-protection iptables -A INPUT -m tcp -p tcp --dport $MYSQL_PORT -j mysql-protection
# Redis # Redis
REDIS_PORT=6379 REDIS_PORT=6379
...@@ -68,7 +68,7 @@ iptables -A redis-protection --src $ALLOW_IP_ADDRESS -j ACCEPT ...@@ -68,7 +68,7 @@ iptables -A redis-protection --src $ALLOW_IP_ADDRESS -j ACCEPT
# drop everyone else # drop everyone else
iptables -A redis-protection -j DROP iptables -A redis-protection -j DROP
# use chain xxx for packets coming to TCP port $REDIS_PORT # use chain xxx for packets coming to TCP port $REDIS_PORT
iptables -I INPUT -m tcp -p tcp --dport $REDIS_PORT -j redis-protection iptables -A INPUT -m tcp -p tcp --dport $REDIS_PORT -j redis-protection
# Save settings # Save settings
iptables-save > /etc/iptables/rules.v4 iptables-save > /etc/iptables/rules.v4
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment