added easy UFW rules

Adrien Luxey 2020-01-28 13:40:31 +01:00
parent 34cf4db28d
commit 4424d6f24f
3 changed files with 47 additions and 0 deletions


@ -1 +1,6 @@
* [wordpress:apache in Docker, with host MySQL config and host nginx](wordpress/)
* [securing server](security/)
## TODO
* review synapse nginx conf - seems incomplete

29
security/README.md Normal file

@ -0,0 +1,29 @@
## Firewall
### Ports I need
Incoming - DROP except:
* http/s (nginx)
* 8448 (synapse - with TLS through nginx)
* ssh
* icmp
* ftp
Outgoing - ACCEPT all
### Using UFW
* Enable IPv6 in `/etc/default/ufw` if not done:
IPV6=yes
* Set default rules e.g.:
ufw default deny incoming
ufw default allow outgoing
* Configure more rules:
ufw [allow|deny|reject|limit] [in|out] [protocol|port]
See `ufw.sh`.
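
Review bot: The "Ports I need" list includes icmp, but the syntax line `ufw [allow|deny|reject|limit] [in|out] [protocol|port]` shows no way to express it and `ufw.sh` contains no icmp rule, so the README and the script disagree on what is let in. Either drop icmp from the list or say where it is handled. The "Set default rules" step also leaves out `ufw default allow routed`, which the script sets, and the steps never say to enable the firewall or check the resulting rule set after running the script.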

13
security/ufw.sh Executable file

@ -0,0 +1,13 @@
#!/bin/bash
ufw default allow outgoing
ufw default allow routed
ufw default deny incoming
ufw allow in ftp/tcp
ufw allow in ssh/tcp
ufw allow in http/tcp
ufw allow in https/tcp
ufw allow in 8448
ufw allow in from 172.0.0.0/8 # docker and such
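
Review bot: `ufw allow in from 172.0.0.0/8` on the last line admits far more than "docker and such": the RFC 1918 private block is 172.16.0.0/12, and the rest of 172.0.0.0/8 is publicly routable, so any host in that space bypasses `ufw default deny incoming` on every port. Narrow it to 172.16.0.0/12 or, better, to the actual Docker bridge subnet. Separately, `ufw allow in 8448` names no protocol and so opens UDP as well as TCP, where the README describes TLS through nginx (`8448/tcp` would match that); `ufw allow in ssh/tcp` could use `limit`, which the README's syntax line already lists; and `ufw default allow routed` needs a comment explaining why forwarding is open, since the README does not mention it.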