Limit nginx to lan access only?
hobeone opened this issue · 1 comments
I installed the rtorrentvpn image and I think I have things working appropriately (thanks for making this so easy!).
I was wondering about some of the firewall settings for the nginx ports. I'm running with wireguard as the VPN and noticed that the iptables rules (I think) can allow traffic from the VPN to hit the nginx proxy. I can't actually get a connection through from the VPN endpoint, but I thought it might be good to have an option to explicitly lock down access in the container.
I have a separate nginx reverse proxy that handles authentication and so disabled authentication on the web interface presented in the container.
iptables snippet:
0 0 ACCEPT all -- wg0 * 0.0.0.0/0 0.0.0.0/0
and
# netstat -an -A ip -p | grep nginx
tcp 0 0 0.0.0.0:9443 0.0.0.0:* LISTEN 1938/nginx: master
tcp 0 0 0.0.0.0:9080 0.0.0.0:* LISTEN 1938/nginx: master
The above suggests that traffic could come in over wireguard to the nginx instance. Is that prevented in some other way?
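The cross-check described in the post above, as an added example that is not part of the original issue or the image's own code: it pairs interfaces that have an unrestricted ACCEPT rule with listeners bound to the wildcard address. It assumes the rule comes from the INPUT chain in `iptables -L -v -n` column order; the function names are hypothetical and the sample input is copied from the post.

```python
# Sample input copied from the post; the chain (INPUT) is an assumption.
IPTABLES_INPUT = """\
0 0 ACCEPT all -- wg0 * 0.0.0.0/0 0.0.0.0/0
"""
NETSTAT = """\
tcp 0 0 0.0.0.0:9443 0.0.0.0:* LISTEN 1938/nginx: master
tcp 0 0 0.0.0.0:9080 0.0.0.0:* LISTEN 1938/nginx: master
"""


def open_interfaces(rules):
    """Inbound interfaces with an ACCEPT rule that restricts nothing."""
    found = set()
    for line in rules.splitlines():
        f = line.split()
        # Columns: pkts bytes target prot opt in out source destination.
        # Exactly 9 fields means no trailing match (dpt, state, ...).
        if (len(f) == 9 and f[2] == "ACCEPT" and f[3] == "all"
                and f[5] != "*"
                and f[7] == "0.0.0.0/0" and f[8] == "0.0.0.0/0"):
            found.add(f[5])
    return found


def wildcard_listeners(netstat, process):
    """TCP ports where `process` listens on every address."""
    ports = []
    for line in netstat.splitlines():
        f = line.split()
        if (len(f) >= 7 and f[0].startswith("tcp")
                and f[5] == "LISTEN" and process in f[6]):
            addr, _, port = f[3].rpartition(":")
            if addr in ("0.0.0.0", "::"):
                ports.append(int(port))
    return sorted(ports)


def exposure(rules, netstat, process="nginx"):
    """Map each unrestricted interface to the ports it can reach.

    Rule order is not modelled: an earlier DROP or REJECT in the same
    chain would still win, so a hit here is a prompt to read the chain.
    """
    ports = wildcard_listeners(netstat, process)
    return {iface: ports for iface in sorted(open_interfaces(rules))}


if __name__ == "__main__":
    for iface, ports in exposure(IPTABLES_INPUT, NETSTAT).items():
        print(f"{iface}: unrestricted ACCEPT, nginx on wildcard ports {ports}")
```

A listener bound to a specific address, or a rule limited by source, protocol or port, is not reported.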