Secure nodeodm and webodm_db

I installed webodm with docker on my Ubuntu 20.04 system.
It works fine, but I found one issue:

By default, port 3000/tcp from the nodeodm instance and port 5432/tcp from the database instance are accessible from the internet (the server is a VPS on the internet, so there is no firewall in front of the system, only iptables/ufw on the system):

docker container ls

The ports are opened via an iptables DNAT rule, created when the containers are started.

 iptables -L DOCKER --line-numbers    
Chain DOCKER (2 references)
    num  target     prot opt source               destination
    1    ACCEPT     tcp  --  anywhere             172.20.0.x           tcp dpt:5432
    2    ACCEPT     tcp  --  anywhere             172.20.0.x           tcp dpt:3000

Where can I disable the automatic creation of the iptables rules, so the system is only accessible via port 8000?


I think this is a task for a firewall, like ufw? Note that usually the nodeodm port (3000) should not be exposed, not sure why your instance’s setup exposes it. The same is for the DB (that’s why we don’t set strong passwords, we assume these services are not reachable from the outside).

Perhaps a problem with the docker configuration (or some software in the VPS automatically opening ports).
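
An added example, not part of either post above: a shell check over the `iptables -L DOCKER --line-numbers` listing shown in the question, reporting every container port that accepts traffic from any source and is not on an allow-list such as 8000. The sample listing and its addresses are constructed, and `sample_rules` and `exposed_ports` are hypothetical names.

```shell
#!/bin/sh
# Constructed sample in the format of 'iptables -L DOCKER -n --line-numbers'.
# Addresses are made up; rule 4 is limited to a private source range.
sample_rules() {
cat <<'EOF'
Chain DOCKER (2 references)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            172.20.0.2           tcp dpt:5432
2    ACCEPT     tcp  --  0.0.0.0/0            172.20.0.3           tcp dpt:3000
3    ACCEPT     tcp  --  0.0.0.0/0            172.20.0.4           tcp dpt:8000
4    ACCEPT     tcp  --  10.0.0.0/8           172.20.0.5           tcp dpt:6379
EOF
}

# exposed_ports [ALLOWED_PORT ...]
# Reads a DOCKER chain listing on stdin and prints "port container-ip" for each
# ACCEPT rule that is open to any source and whose port is not allow-listed.
# Works with and without the leading rule-number column.
exposed_ports() {
    awk -v allowed=" $* " '
        {
            # Shift the column positions by one when --line-numbers was used.
            off = ($1 ~ /^[0-9]+$/) ? 1 : 0
            target = $(1 + off); src = $(4 + off); dst = $(5 + off)
            if (target != "ACCEPT") next
            if (src != "0.0.0.0/0" && src != "anywhere") next
            for (i = 6 + off; i <= NF; i++)
                if ($i ~ /^dpt:[0-9]+$/) {
                    port = substr($i, 5)
                    if (index(allowed, " " port " ") == 0)
                        print port, dst
                }
        }' | sort -n
}

# Demo on the constructed sample; on a real host, run as root:
#   iptables -L DOCKER -n --line-numbers | exposed_ports 8000
sample_rules | exposed_ports 8000
```

The port in the DOCKER chain is the container-side port; the host port it is published on is the one shown by `docker container ls`.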