Blocking ports on tpot

[thaneye]

My fritz router does not allow me to allow port range (1-64000), I only get the option to expose a host. Is there anyway to block admin ports on tpot using iptables? I tried with rules.sh without much luck.

[t3chn0m4g3]

There is no standardized solution in place. SSH and Cockit are native services running on the host, so you can limit access to these services as part of the configurations. Nginx (or Heimdall, T-Pot Landing page) needs to be adjusted accordingly but using Volumes (example in the Wiki). However all three services are fail2ban secured, so after three failed attempts IPs are blocked. For Cockpit there is even a 2FA enable script in /opt/tpot/bin.

[thaneye]

I added these lines in the #main at the bottom of rules.sh and it seems to do the job.
/usr/sbin/iptables-legacy -w -A INPUT --src 192.168.1.0/24 -p tcp --dport 64000:65534 -j ACCEPT
/usr/sbin/iptables-legacy -w -A INPUT --src 127.0.0.1 -p tcp --dport 64000:65534 -j ACCEPT
/usr/sbin/iptables-legacy -w -A INPUT -p tcp --dport 64000:65534 -j DROP

[t3chn0m4g3]

LGTM, please keep in mind rules.sh will be executed on each T-Pot start / stop, and you avoid duplicates of these rules. Also if neither glutton and honeytrap is used rules.sh omits adding rules.