automation/security/README.md at 1759f7987ef4fad6ad681e0a072a250054dc2843 - adrien/automation - Gitea: git with a cup of coffee

adrien/automation

Adrien Luxey e2d4f39fa4 minor advice

2020-01-29 11:05:21 +01:00

466 B

Raw Blame History

PHP inections

See phpmalwarescanner

Firewall

Ports I need

Incoming - DROP except:

http/s (nginx)
8448 (synapse - with TLS through nginx)
ssh
icmp
ftp

Outgoing - ACCEPT all

Using UFW

Enable IPv6 in /etc/default/ufw if not done:

IPV6=yes
Set default rules e.g.:

ufw default deny incoming ufw default allow outgoing
Configure more rules:

ufw [allow|deny|reject|limit] [in|out] [protocol|port]

See ufw.sh.