To follow up: As workaround for us who use a VPS and need to protect our instance we might use (as alternative to iptables rules?)
1.yunohost firewall to open / close ports
2. hosts.allow and hosts.deny for blocking access to some parts of the system as ssh
3. use nginx’ ability to block access to applications
Example /etc/hosts.deny
add
sshd: All
/etc/hosts.allow
sshd: 192.168.0.0/24
sshd: 127.0.0.1/24
sshd: 10.7.0.1/24
(or any other ip)
To protect apps I found out it works this way
To protect Rainloop:
edit the file /etc/nginx/conf.d/domain.com.d/rainloop.conf
with following:
location ^~ /rainloop/ {
allow 10.7.0.2;
deny all;
}
replace 10.7.0.2 with any IP you use
Maybe some of the experts might review my solution, it seems to work in my case