Skip to end of metadata
Go to start of metadata
You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 2
Next »
- Configure a host-based firewall (UFW)
NOTE: If you are running on a VPS, check the control panel and ensure that any open ports on your host are also updated within the VPS control panel (it may have an additional firewall between your host and the internet)
| Description | Command |
|---|
| 1 | Create basic firewall rules to secure the host, copy and paste each of the commands in order.
Port 80/443 (http/https) are required only if you do not have your own SSL certificate (used for validation of the DNS record when obtaining a certificate from letsencrypt)
|
sudo ufw default allow outgoing
sudo ufw default deny incoming
sudo ufw allow ssh/tcp
sudo ufw limit ssh/tcp
sudo ufw allow http/tcp
sudo ufw allow https/tcp
sudo ufw allow 9033/tcp
sudo ufw logging on
sudo ufw -f enable
sudo ufw status
zenops@zsec01:~$ sudo ufw status
Status: active To......................................................................Action..................From
--.......................................................................-------...................-----
22/tcp..............................................................LIMIT....................Anywhere
80/tcp..............................................................ALLOW................Anywhere
443/tcp............................................................ALLOW...............Anywhere
9033/tcp..........................................................ALLOW...............Anywhere
22/tcp.(v6).......................................................LIMIT..................Anywhere.(v6)
80/tcp.(v6).......................................................ALLOW..............Anywhere.(v6)
443/tcp.(v6)....................................................ALLOW...............Anywhere.(v6)
9033/tcp.(v6)..................................................ALLOW..............Anywhere.(v6)
|
| 2 | UFW generally installs, enabled at boot by default, to be certain that it starts at boot, enable it with systemctl |
sudo systemctl enable ufw
|
Part 5 of 11 - Securing the Host
Error rendering macro 'excerpt-include' : No link could be created for 'Social Links'.