[GH-ISSUE #1108] blocking port 81 with iptables DOCKER-USER doesn't work #911

Closed
opened 2026-02-26 06:34:54 +03:00 by kerem · 3 comments

Originally created by @Mozzarella-dev on GitHub (May 19, 2021).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1108

Describe the bug

  • Blocking port 81 (web panel) with iptables doesn't work and I can still access the web panel from the internet. My current rule is:
iptables -I DOCKER-USER -i eth0 -p tcp --dport 81 -j DROP

Instead the web panel takes longer to load and its overall speed decreases, but it can be accessed from the eth0 interface

  • Version of Nginx Proxy Manager reported: v2.9.2

To Reproduce

  • Deploy the Docker container with docker-compose as in the quick start guide.
  • Add an iptables rule for the DOCKER-USER filter: sudo iptables -I DOCKER-USER -i eth0 -p tcp --dport 81 -j DROP (use eth0 if your public interface is eth0, otherwise adjust accordingly).
  • Test it by trying to access your_server_ip:81 from the internet.

Expected behavior
That should just block the request on port 81 as happens with other containers.

Screenshots

Operating System

  • Debian 9 with:
Client: Docker Engine - Community
 Version:           19.03.15
 API version:       1.40
 Go version:        go1.13.15
 Git commit:        99e3ed8919
 Built:             Sat Jan 30 03:17:11 2021
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.15
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.13.15
  Git commit:       99e3ed8919
  Built:            Sat Jan 30 03:15:40 2021
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.4.3
  GitCommit:        269548fa27e0089a8b8278fc4fc781d7f65a939b
 runc:
  Version:          1.0.0-rc92
  GitCommit:        ff819c7e9184c13b7c2607fe6c30ae19403a7aff
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683
kerem 2026-02-26 06:34:54 +03:00: closed this issue and added the stale and bug labels

@JfrAziz commented on GitHub (Jul 28, 2021):

I use this rule and it works

sudo iptables -I DOCKER-USER -i eth0 ! -s 127.0.0.1 -p tcp --dport 81 -j DROP

It drops any request to 81 except from 127.0.0.1 or localhost, and then to access it I just use SSH tunneling from my local computer, like ssh -L 8081:127.0.0.1:81 -N -f -p 22 <user>@<ip>
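
A listener check that is independent of any firewall rule (added example, not from the issue thread or the Nginx Proxy Manager project): it lists every non-loopback address, IPv4 or IPv6, on which a port is listening in `ss -tln` output. The function names and both sample listings are constructed, and publishing the panel as `127.0.0.1:81:81` is an assumed alternative that still works with the SSH tunnel above.

```shell
#!/bin/sh
# Constructed `ss -tln` output: panel published as "81:81" (all addresses).
SAMPLE_PUBLISHED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:81         0.0.0.0:*
LISTEN 0      128    [::]:81            [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# Constructed output: panel published as "127.0.0.1:81:81" (assumed alternative),
# plus an unrelated listener on 8081 to show that ports are matched exactly.
SAMPLE_LOOPBACK='LISTEN 0      128    127.0.0.1:81       0.0.0.0:*
LISTEN 0      128    0.0.0.0:8081       0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# Read `ss -tln` lines on stdin; print each non-loopback local address
# that is listening on port $1. Header lines are skipped.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            # The port is whatever follows the last colon of field 4,
            # which also handles bracketed and bare IPv6 addresses.
            n = split($4, parts, ":")
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
            print addr
        }'
}

# Succeed only when port $1 has no listener outside loopback.
loopback_only() {
    [ -z "$(exposed_listeners "$1")" ]
}

# Demo on the constructed "81:81" sample: both wildcard listeners are reported.
printf '%s\n' "$SAMPLE_PUBLISHED" | exposed_listeners 81
```

On a live host, pipe real output into it: `ss -tln | exposed_listeners 81`.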


@github-actions[bot] commented on GitHub (Mar 11, 2024):

Issue is now considered stale. If you want to keep it open, please comment 👍


@github-actions[bot] commented on GitHub (Apr 23, 2025):

Issue was closed due to inactivity.
