From cf502bd9d5523e676584130667c4ed5e4801c4cd Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier
Date: Mon, 6 Jun 2022 11:27:24 +0200
Subject: [PATCH] fickit: Allow connections to admin only from local (through ssh)
---
 fickit-backend.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/fickit-backend.yml b/fickit-backend.yml
index e74b875f..d33d5111 100644
--- a/fickit-backend.yml
+++ b/fickit-backend.yml
@@ -162,7 +162,7 @@ services:
 - /var/lib/fic/backups
 - name: fic-admin
 image: nemunaire/fic-admin:latest
- command: ["/srv/admin", "-4real", "-bind=:8081", "-baseurl=/admin/", "-localimport=/mnt/fic", "-timestampCheck=/srv/submissions"]
+ command: ["/srv/admin", "-4real", "-bind=127.0.0.1:8081", "-baseurl=/admin/", "-localimport=/mnt/fic", "-timestampCheck=/srv/submissions"]
 env:
 - MYSQL_HOST=db
 - FICCA_PASS=jee8AhloAith1aesCeQu5ahgIegaeM4K
@@ -360,7 +360,6 @@ files:
 [0:0] -A INPUT -p icmp -j ACCEPT
 [0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 [0:0] -A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport ssh -j ACCEPT
- [0:0] -A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 8081 -j ACCEPT
 [0:0] -A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 8082 -j ACCEPT
 [0:0] -A INPUT -i vethin-admin -s 172.17.0.0/24 -p tcp -m conntrack --ctstate NEW -j ACCEPT
 [0:0] -A INPUT -j LOG
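Review bot: The new `-bind=127.0.0.1:8081` argument on the fic-admin command only gives "local through ssh" access if fic-admin listens in the same network namespace as the SSH daemon, and this hunk does not show which namespace the service uses; the `vethin-admin` rule in the second hunk hints that it may have its own, in which case an SSH forward could not reach the loopback listener, so this is worth confirming. The intended access path is also undocumented in the file; I would add a comment above the command such as `# admin UI is loopback-only: reach it with ssh -L 8081:127.0.0.1:8081 HOST`, using 127.0.0.1 rather than localhost because the listener is IPv4-only. Separately, the `FICCA_PASS` value in the context lines looks like a literal credential kept in the repository, and the image is referenced by the mutable `latest` tag; this commit changes neither. The fic-admin service entry continues outside the hunk.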