30 lines
424 B
Markdown
30 lines
424 B
Markdown
|
## Firewall
|
||
|
|
||
|
### Ports I need
|
||
|
|
||
|
Incoming - DROP except:
|
||
|
* http/s (nginx)
|
||
|
* 8448 (synapse - with TLS through nginx)
|
||
|
* ssh
|
||
|
* icmp
|
||
|
* ftp
|
||
|
|
||
|
Outgoing - ACCEPT all
|
||
|
|
||
|
### Using UFW
|
||
|
|
||
|
* Enable IPv6 in `/etc/default/ufw` if not done:
|
||
|
|
||
|
IPV6=yes
|
||
|
|
||
|
* Set default rules e.g.:
|
||
|
|
||
|
ufw default deny incoming
|
||
|
ufw default allow outgoing
|
||
|
|
||
|
* Configure more rules:
|
||
|
|
||
|
ufw [allow|deny|reject|limit] [in|out] [protocol|port]
|
||
|
|
||
|
See `ufw.sh`.
|