New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
UFW set up for personal vps, is allow only from IP good enough?
Usually when setting up a server I set up iptables, fail2ban, ssh keys, etc. etc. However, recently I bought a VPS for testing purposes and personal use only; has debian 8. Do I need to go through all that trouble if I'm the only person accessing the server?
Is this good enough, maybe I block ping requests as well?
ufw default deny incoming
ufw default allow outgoing
ufw allow from XXX.XXX.XXX.XXX
Thanks.
Comments
Block ping, move ssh port, deny root login.
At least that is what I do on lower end boxes I only use for testing and prototyping.
deny everything and ONLY allow what you need (ip, port)
My minimum is:
Usually do more but always do at least those.
Unplug ethernet cable
Allowing just a single IP is risky. Unless you own that IP, you can lose it and get totally blocked out of the server.
Of course, there are ways to recover it, but is not worth the trouble.
Personally, I just change the port, setup ultra long passwords and use ssh-keys.