Part 5 - Securing the Host
- Configure a host-based firewall (UFW)
NOTE: If you are running on a VPS, check the control panel and ensure that any open ports on your host are also updated within the VPS control panel (it may have an additional firewall between your host and the internet)
| Description | Command | |
|---|---|---|
| 1 | Create basic firewall rules to secure the host, copy and paste each of the commands in order. Port 80/443 (http/https) are required only if you do not have your own SSL certificate (used for validation of the DNS record when obtaining a certificate from letsencrypt) | sudo ufw default allow outgoing sudo ufw default deny incoming sudo ufw allow ssh/tcp sudo ufw limit ssh/tcp sudo ufw allow http/tcp sudo ufw allow https/tcp sudo ufw allow 9033/tcp sudo ufw logging on sudo ufw -f enable sudo ufw status Example Output zenops@zsec01:~$ sudo ufw status To......................................................................Action..................From |
| 2 | UFW generally installs, enabled at boot by default, to be certain that it starts at boot, enable it with systemctl | sudo systemctl enable ufw |
© 2020 Horizen. All rights reserved.
