Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Subscribe to our newsletter

Advertise on LowEndTalk.com

Latest LowEndBox Offers

    UFW set up for personal vps, is allow only from IP good enough?
    New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

    UFW set up for personal vps, is allow only from IP good enough?

    Usually when setting up a server I set up iptables, fail2ban, ssh keys, etc. etc. However, recently I bought a VPS for testing purposes and personal use only; has debian 8. Do I need to go through all that trouble if I'm the only person accessing the server?

    Is this good enough, maybe I block ping requests as well?

    ufw default deny incoming
    ufw default allow outgoing
    ufw allow from XXX.XXX.XXX.XXX

    Thanks.

    Comments

    • Block ping, move ssh port, deny root login.

      At least that is what I do on lower end boxes I only use for testing and prototyping.

    • deny everything and ONLY allow what you need (ip, port)

    • My minimum is:

      • change ssh port
      • turn off passwords in sshd (key only)
      • run an nmap scan on the public IP to see what's open
      • pam extension to email me whenever someone logs in

      Usually do more but always do at least those.

      For LET support, please visit the interim support desk.

    • Unplug ethernet cable

      Different.

    • yomeroyomero Member
      edited January 2016

      Allowing just a single IP is risky. Unless you own that IP, you can lose it and get totally blocked out of the server.
      Of course, there are ways to recover it, but is not worth the trouble.

      Personally, I just change the port, setup ultra long passwords and use ssh-keys.

    Sign In or Register to comment.