Using iptables to block incoming traffic directly to your Node.js app

Kind of off-topic, but every now and then I need to use iptables to block incoming traffic that arrives on the VPS's virtual Ethernet device and goes directly to my Node.js apps.

I generally use Nginx as a reverse proxy and want to avoid exposing my Node.js apps. Of course, I'm also using iptables to avoid exposing other ports to the outside world.

To block, e.g., TCP ports 3000 to 8999, you can use this command:

sudo iptables -A INPUT -i venet0 -p tcp --destination-port 3000:8999 -j DROP

Here venet0 is the virtual Ethernet device. Local requests coming from Nginx (or any other reverse proxy) will still reach the server, as long as it's on the same device of course.
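
Because -A appends the rule to the end of the INPUT chain and iptables stops at the first matching rule, an earlier ACCEPT can shadow the DROP. The check below is an added example, not part of the original post: the function name first_verdict and both rule sets are constructed, and it evaluates only the -i, -p and --dport parts of each rule.

```shell
#!/bin/sh
# Added example, not from the original post.
# first_verdict IFACE PORT: reads `iptables -S INPUT` output on stdin and
# prints the target of the first rule that matches a TCP packet arriving on
# IFACE for PORT, or the chain policy if no rule matches.
# Simplification: other matches (-s, -m conntrack, "!" negation) are ignored.
first_verdict() {
  awk -v ifc="$1" -v port="$2" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
      in_if = ""; proto = ""; dport = ""; target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-i") in_if = $(i + 1)
        else if ($i == "-p") proto = $(i + 1)
        else if ($i == "--dport") dport = $(i + 1)
        else if ($i == "-j") target = $(i + 1)
      }
      if (in_if != "" && in_if != ifc) next      # rule is for another device
      if (proto != "" && proto != "tcp" && proto != "all") next
      if (dport != "") {                         # single port or lo:hi range
        n = split(dport, r, ":")
        lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
        if (port + 0 < lo || port + 0 > hi) next
      }
      if (target != "ACCEPT" && target != "DROP" && target != "REJECT") next
      print target; found = 1; exit
    }
    END { if (!found) print (policy == "" ? "UNKNOWN" : policy) }
  '
}

# Constructed sample: loopback allowed, then the rule from the post.
RULES_OK='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i venet0 -p tcp -m tcp --dport 3000:8999 -j DROP'

# Constructed sample: a broad ACCEPT sits in front of the appended DROP.
RULES_SHADOWED='-P INPUT ACCEPT
-A INPUT -i venet0 -p tcp -m tcp --dport 1024:65535 -j ACCEPT
-A INPUT -i venet0 -p tcp -m tcp --dport 3000:8999 -j DROP'

# On a live host: sudo iptables -S INPUT | first_verdict venet0 3000
printf '%s\n' "$RULES_OK" | first_verdict venet0 3000
printf '%s\n' "$RULES_SHADOWED" | first_verdict venet0 3000
```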