starred/acme-dns
1
0
Fork 0
mirror of https://github.com/acme-dns/acme-dns.git synced 2026-04-27 04:45:48 +03:00
Code Issues 178 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #67] Add instructions / notes regarding firewall setup #24

New issue
Open
opened 2026-03-13 15:24:10 +03:00 by kerem · 1 comment
kerem commented 2026-03-13 15:24:10 +03:00
Owner
Copy link

Originally created by @joohoi on GitHub (Apr 8, 2018).
Original GitHub issue: https://github.com/acme-dns/acme-dns/issues/67

As noted by @jvanasco in https://github.com/joohoi/acme-dns/pull/64#issuecomment-377645243

Originally created by @joohoi on GitHub (Apr 8, 2018). Original GitHub issue: https://github.com/acme-dns/acme-dns/issues/67 As noted by @jvanasco in https://github.com/joohoi/acme-dns/pull/64#issuecomment-377645243
kerem commented 2026-03-13 15:24:21 +03:00
Author
Owner
Copy link

@jvanasco commented on GitHub (Apr 10, 2018):

FYI I ended up handling port53 toggling via iptables and a custom acme-dns chain as suggested to me in a serverfault Q&A.

After a bit of fiddling, the top of the output from my iptables-save (and iptables-restore) looks roughly like this:

:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [451:186415]
:acme-dns - [0:0]
    ... other chains ...
-A INPUT -j acme-dns

This line to create the chain...

:acme-dns - [0:0]

...is essentially the same as:

iptables -N acme-dns

And this line

-A INPUT -j acme-dns

...is the same as

iptables -A INPUT -j acme-dns

I decided to handle this via save/restore because I didn't know how to better position the routes.

When running acme-dns, i open the ports via:

iptables -A acme-dns -p tcp --dport 53 -j ACCEPT
iptables -A acme-dns -p udp --dport 53 -j ACCEPT
iptables -A acme-dns -p tcp --dport 8011 -j ACCEPT

And when shutting it off, I just clear out the entire rule

iptables -F acme-dns
<!-- gh-comment-id:380244415 --> @jvanasco commented on GitHub (Apr 10, 2018): FYI I ended up handling port53 toggling via `iptables` and a custom acme-dns chain as suggested to me in a serverfault Q&A. After a bit of fiddling, the top of the output from my `iptables-save` (and iptables-restore) looks roughly like this: :INPUT DROP [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [451:186415] :acme-dns - [0:0] ... other chains ... -A INPUT -j acme-dns This line to create the chain... :acme-dns - [0:0] ...is essentially the same as: iptables -N acme-dns And this line -A INPUT -j acme-dns ...is the same as iptables -A INPUT -j acme-dns I decided to handle this via save/restore because I didn't know how to better position the routes. When running acme-dns, i open the ports via: iptables -A acme-dns -p tcp --dport 53 -j ACCEPT iptables -A acme-dns -p udp --dport 53 -j ACCEPT iptables -A acme-dns -p tcp --dport 8011 -j ACCEPT And when shutting it off, I just clear out the entire rule iptables -F acme-dns
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
fix_dockerhub
dockerhub
readme2.0
goreleaser_action
refactoring
linter_update_config
update_deps_122
dependabot/go_modules/github.com/valyala/fasthttp-1.34.0
deps_bump
update_goreleaser
update_golint
deps_update
update_dockerfile
v2.0.2
v2.0.1
v2.0
v1.1
v1.0
v0.8
v0.7.2
v0.7.1
v0.7
v0.6
v0.5
v0.4
v0.3.2
v0.3.1
v0.3
v0.2
v0.1
Labels
Clear labels   
Documentation

   
Documentation

   
bug

   
enhancement

   
feature request

   
feature request

   
help wanted

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
security

   
security

   
testing
No labels
Documentation
Documentation
bug
enhancement
feature request
feature request
help wanted
pull-request
question
security
security
testing
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/acme-dns#24
No description provided.