added easy UFW rules

README.md

@@ -1 +1,6 @@
 * [wordpress:apache in Docker, with host MySQL config and host nginx](wordpress/)
+* [securing  server](security/)
+
+## TODO
+
+* review synapse nginx conf - seems incomplete

security/README.md

@@ -0,0 +1,29 @@
+## Firewall
+
+### Ports I need
+
+Incoming - DROP except:
+* http/s (nginx)
+* 8448 (synapse - with TLS through nginx)
+* ssh
+* icmp
+* ftp
+
+Outgoing - ACCEPT all
+
+### Using UFW
+
+* Enable IPv6 in `/etc/default/ufw` if not done:
+
+    IPV6=yes
+
+* Set default rules e.g.:
+
+    ufw default deny incoming
+    ufw default allow outgoing
+
+* Configure more rules:
+
+    ufw [allow|deny|reject|limit] [in|out] [protocol|port]
+
+See `ufw.sh`.

security/ufw.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+
+ufw default allow outgoing
+ufw default allow routed
+ufw default deny incoming
+ufw allow in ftp/tcp
+ufw allow in ssh/tcp
+ufw allow in http/tcp
+ufw allow in https/tcp
+ufw allow in 8448
+ufw allow in from 172.0.0.0/8 # docker and such
+