David Kimura
PRO
said about 1 month ago
on
Kamal 2
:
This will block incoming requests except the SSH port, and ports 80 & 443. For server hardening, I also like updating all of the packages on a fresh install and installing fail2ban. I'll also typically update my SSH config (or verify it) that password authentication is disabled, so you can only use a SSH key to authenticate.
It's basically enabling UFW
# installing and configuring ufw sudo apt-get install ufw sudo ufw status sudo ufw allow 22/tcp sudo ufw allow www/tcp sudo uff allow 443/tcp sudo ufw enable
This will block incoming requests except the SSH port, and ports 80 & 443. For server hardening, I also like updating all of the packages on a fresh install and installing fail2ban. I'll also typically update my SSH config (or verify it) that password authentication is disabled, so you can only use a SSH key to authenticate.
sudo apt update && sudo apt upgrade -y sudo apt install fail2ban