Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Advertise on LowEndTalk.com
UFW set up for personal vps, is allow only from IP good enough?
New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

UFW set up for personal vps, is allow only from IP good enough?

Usually when setting up a server I set up iptables, fail2ban, ssh keys, etc. etc. However, recently I bought a VPS for testing purposes and personal use only; has debian 8. Do I need to go through all that trouble if I'm the only person accessing the server?

Is this good enough, maybe I block ping requests as well?

ufw default deny incoming
ufw default allow outgoing
ufw allow from XXX.XXX.XXX.XXX

Thanks.

Comments

  • Block ping, move ssh port, deny root login.

    At least that is what I do on lower end boxes I only use for testing and prototyping.

  • deny everything and ONLY allow what you need (ip, port)

  • My minimum is:

    • change ssh port
    • turn off passwords in sshd (key only)
    • run an nmap scan on the public IP to see what's open
    • pam extension to email me whenever someone logs in

    Usually do more but always do at least those.

    For LET support, please visit the support desk.

  • Unplug ethernet cable

    Different.

  • yomeroyomero Member
    edited January 2016

    Allowing just a single IP is risky. Unless you own that IP, you can lose it and get totally blocked out of the server.
    Of course, there are ways to recover it, but is not worth the trouble.

    Personally, I just change the port, setup ultra long passwords and use ssh-keys.

Sign In or Register to comment.