Replies: 1 comment
-
You shouldn't have to touch iptables rules at all if you're following the bungeecord documentation, as you'd configure allocations in a way that all traffic goes through the proxy and servers behind it are not reachable by the outside world (127.0.0.1). Docker handles iptables and Pterodactyl doesn't do anything special to it. Should you want specific rules that overrule Docker unrelated to Minecraft proxy setup, you must insert them into DOCKER-USER chain. |
Beta Was this translation helpful? Give feedback.
0 replies
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
-
Hello, I have been trying for the last couple of hours to filter traffic on a game server by setting a specific source ip address using the following rule as template:
iptables -I INPUT ! -s <ip> -p tcp --dport <port> -j DROP
on iptables. The issue is that docker creates/modifies some rules on iptables every time I restart the game server, that accept every single connection from that port (I don't want that to happen). What I have tried so far is to change this rule from docker:
-A DOCKER -d 172.18.0.2/32 ! -i pterodactyl0 -o pterodactyl0 -p tcp -m tcp --dport <port> -j ACCEPT
to this:
-A DOCKER -s <specific_ip> -d 172.18.0.2/32 ! -i pterodactyl0 -o pterodactyl0 -p tcp -m tcp --dport <port> -j ACCEPT
which worked when I applied the config but it reverted back to the previous one when I restarted the game server (because of docker). Is there anything I can do? In case you are wondering why I am attempting to do that, I am following the BungeeCord Firewall Guide Thanks in advance :)
Beta Was this translation helpful? Give feedback.
All reactions