Question After adding iptables GEO IP restrictions, api.php stopped working

[terminatortv]

Hi everyone,
I am seeking for help if somebody had issue like I have right now.
After adding rule in iptable to block all connections to port 25461 which are not from specific countries that I added, api.php stopped working.
I can't restart stream, edit stream, add new movie using main panel.
I can kill all connecions, reboot server and so on, but can't use functions that are inside api.php file in wwwdir

I tried allowing access to all ports tcp/udp INPUT and OUTPUT from main server to all loadbalancers, but that didnt fix the problem.

So if somebody have some tip that might help, please leave in comments.

Thanks

Update:
One thing I forgot to metion, is that ofcourse I added IP's of loadbalancers to whitelist. Streams are working, clients can watch channels and movies, but restarting/stoping/starting streams and movies is not working.

 

[TeslaVision]

Hi everyone,
I am seeking for help if somebody had issue like I have right now.
After adding rule in iptable to block all connections to port 25461 which are not from specific countries that I added, api.php stopped working.
I can't restart stream, edit stream, add new movie using main panel.
I can kill all connecions, reboot server and so on, but can't use functions that are inside api.php file in wwwdir

I tried allowing access to all ports tcp/udp INPUT and OUTPUT from main server to all loadbalancers, but that didnt fix the problem.

So if somebody have some tip that might help, please leave in comments.

Thanks

Update:
One thing I forgot to metion, is that ofcourse I added IP's of loadbalancers to whitelist. Streams are working, clients can watch channels and movies, but restarting/stoping/starting streams and movies is not working.

Hm, did you whitelist your main server ip? (127.0.0.1 and also main public ip not only the loopback ip)...

 

[terminatortv]

Hm, did you whitelist your main server ip? (127.0.0.1 and also main public ip not only the loopback ip)...

Thank you so much, I didn't think about it. Much love <3

 

[alqui82]

Hi everyone,
I am seeking for help if somebody had issue like I have right now.
After adding rule in iptable to block all connections to port 25461 which are not from specific countries that I added, api.php stopped working.
I can't restart stream, edit stream, add new movie using main panel.
I can kill all connecions, reboot server and so on, but can't use functions that are inside api.php file in wwwdir

I tried allowing access to all ports tcp/udp INPUT and OUTPUT from main server to all loadbalancers, but that didnt fix the problem.

So if somebody have some tip that might help, please leave in comments.

Thanks

Update:
One thing I forgot to metion, is that ofcourse I added IP's of loadbalancers to whitelist. Streams are working, clients can watch channels and movies, but restarting/stoping/starting streams and movies is not working.

Using just iptables will not help you much.

Place a reverse proxy and hide it behind cloudflare and you can manage whole rules form clouflare (countries,asn,user agent and etc) and laso have ddos protection

 

[terminatortv]

Using just iptables will not help you much.

Place a reverse proxy and hide it behind cloudflare and you can manage whole rules form clouflare (countries,asn,user agent and etc) and laso have ddos protection

DDOS protection is already fine, using OVH never had downtime. But for all this rules you mentioned about cloudflare I think they are available only for paid plans.

For now iptables are doing great job allowing TCP connections only from countries where we have clients.

 

[alqui82]

DDOS protection is already fine, using OVH never had downtime. But for all this rules you mentioned about cloudflare I think they are available only for paid plans.

For now iptables are doing great job allowing TCP connections only from countries where we have clients.

No it is at free as well.

In cloudflare you just block one country with one click and ASN and etc.
Regarding OVH DDOS protection is a joke. With 2M hits per day portal will become unresponsive or ovh will null your ip.
With iptables traffic arrives at your server , with cloudflare traffic DONT arrive at your server. Thats the big difference.
I cant say anything more

 

[terminatortv]

No it is at free as well.

In cloudflare you just block one country with one click and ASN and etc.
Regarding OVH DDOS protection is a joke. With 2M hits per day portal will become unresponsive or ovh will null your ip.
With iptables traffic arrives at your server , with cloudflare traffic DONT arrive at your server. Thats the big difference.
I cant say anything more

I have domain already on cloudflare but I already tried adding routes and it is saying that I need to upgrade plan.

 

[alqui82]

I have domain already on cloudflare but I already tried adding routes and it is saying that I need to upgrade plan.

What route have to do with this ?
CLOUFLARE - MAIN PROXY -MAIN