Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


UFW set up for personal vps, is allow only from IP good enough?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

UFW set up for personal vps, is allow only from IP good enough?

Usually when setting up a server I set up iptables, fail2ban, ssh keys, etc. etc. However, recently I bought a VPS for testing purposes and personal use only; has debian 8. Do I need to go through all that trouble if I'm the only person accessing the server?

Is this good enough, maybe I block ping requests as well?

ufw default deny incoming
ufw default allow outgoing
ufw allow from XXX.XXX.XXX.XXX

Thanks.

Comments

  • Block ping, move ssh port, deny root login.

    At least that is what I do on lower end boxes I only use for testing and prototyping.

  • deny everything and ONLY allow what you need (ip, port)

  • raindog308raindog308 Administrator, Veteran

    My minimum is:

    • change ssh port
    • turn off passwords in sshd (key only)
    • run an nmap scan on the public IP to see what's open
    • pam extension to email me whenever someone logs in

    Usually do more but always do at least those.

  • Unplug ethernet cable

  • yomeroyomero Member
    edited January 2016

    Allowing just a single IP is risky. Unless you own that IP, you can lose it and get totally blocked out of the server.
    Of course, there are ways to recover it, but is not worth the trouble.

    Personally, I just change the port, setup ultra long passwords and use ssh-keys.

Sign In or Register to comment.