added easy UFW rules
This commit is contained in:
parent
34cf4db28d
commit
4424d6f24f
3 changed files with 47 additions and 0 deletions
@ -1 +1,6 @@
* [wordpress:apache in Docker, with host MySQL config and host nginx](wordpress/)
* [wordpress:apache in Docker, with host MySQL config and host nginx](wordpress/)
* [securing server](security/)
## TODO
* review synapse nginx conf - seems incomplete
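Review bot: the TODO entry `review synapse nginx conf - seems incomplete` does not say what is suspected to be missing, so nobody can tell when it is resolved; name the location block, header or upstream setting in question, or link the conf file. Also, the new `[securing server](security/)` link points at a directory whose README covers only a `## Firewall` section, so either name the link `firewall` or widen the README so the link does not promise more than it delivers.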
29
security/README.md
Normal file
@ -0,0 +1,29 @@
## Firewall
### Ports I need
Incoming - DROP except:
* http/s (nginx)
* 8448 (synapse - with TLS through nginx)
* ssh
* icmp
* ftp
Outgoing - ACCEPT all
### Using UFW
* Enable IPv6 in `/etc/default/ufw` if not done:
IPV6=yes
* Set default rules e.g.:
ufw default deny incoming
ufw default allow outgoing
* Configure more rules:
ufw [allow|deny|reject|limit] [in|out] [protocol|port]
See `ufw.sh`.
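Review bot: the rule template `ufw [allow|deny|reject|limit] [in|out] [protocol|port]` does not match ufw's grammar. The simple form takes a port with an optional protocol suffix (`ufw allow in 8448/tcp`, as ufw.sh itself does); a bare protocol is only accepted in the full form (`ufw allow in proto tcp from any to any port 8448`). Rewrite the line as `ufw [allow|deny|reject|limit] [in|out] PORT[/PROTO]` or show the full form. Also, `icmp` is listed under "Ports I need" but cannot be expressed as a simple rule and has no counterpart in ufw.sh; ufw's default `/etc/ufw/before.rules` already accepts the common ICMP types, which is worth saying here so the list and the script agree.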
13
security/ufw.sh
Executable file
@ -0,0 +1,13 @@
#!/bin/bash
ufw default allow outgoing
ufw default allow routed
ufw default deny incoming
ufw allow in ftp/tcp
ufw allow in ssh/tcp
ufw allow in http/tcp
ufw allow in https/tcp
ufw allow in 8448
ufw allow in from 172.0.0.0/8 # docker and such
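Review bot: `ufw allow in from 172.0.0.0/8` is far broader than the `# docker and such` comment intends. Docker's default bridge is 172.17.0.0/16 and the whole private block is only 172.16.0.0/12, so this /8 also accepts inbound traffic on every port from the public ranges 172.0.0.0-172.15.255.255 and 172.32.0.0-172.255.255.255, undoing `ufw default deny incoming` for those sources. Narrow it to the real bridge subnet and bind it to the interface, e.g. `ufw allow in on docker0 from 172.17.0.0/16`. Two smaller points: `ufw allow in 8448` opens both TCP and UDP, while the README describes 8448 as synapse behind nginx with TLS, which is TCP only, so `8448/tcp` would match the other rules; and the script never runs `ufw enable`, so following the README's "See `ufw.sh`" leaves the firewall inactive unless that step is done by hand.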