automation/security at c1739eaf3a07743c0bcc19bba99eca0ce755a527 - adrien/automation - Gitea: git with a cup of coffee

History

Adrien Luxey e2d4f39fa4 minor advice		2020-01-29 11:05:21 +01:00
..
README.md	minor advice	2020-01-29 11:05:21 +01:00
ufw.sh	added easy UFW rules	2020-01-28 13:40:31 +01:00

README.md

PHP inections

See phpmalwarescanner

Firewall

Ports I need

Incoming - DROP except:

http/s (nginx)
8448 (synapse - with TLS through nginx)
ssh
icmp
ftp

Outgoing - ACCEPT all

Using UFW

Enable IPv6 in /etc/default/ufw if not done:

IPV6=yes
Set default rules e.g.:

ufw default deny incoming ufw default allow outgoing
Configure more rules:

ufw [allow|deny|reject|limit] [in|out] [protocol|port]

See ufw.sh.