ocean@lemmy.selfhostcat.com to Selfhosted@lemmy.worldEnglish · 3 days agoWhat steps do you take to secure your server and your selfhosted services?message-squaremessage-square47fedilinkarrow-up10arrow-down10file-text
arrow-up10arrow-down1message-squareWhat steps do you take to secure your server and your selfhosted services?ocean@lemmy.selfhostcat.com to Selfhosted@lemmy.worldEnglish · 3 days agomessage-square47fedilinkfile-text
Inspired by this comment to try to learn what I’m missing. Cloudflare proxy Reverse Proxy Fail2ban Docker containers on their own networks
minus-squareirmadlad@lemmy.worldlinkfedilinkEnglisharrow-up0·2 days ago My new strategy is to block EVERY port Wow! All 65535 +/-, in and out? That’s one way to skin a cat.
minus-squaregamer@lemm.eelinkfedilinkEnglisharrow-up0·2 days agoez pz: #!/usr/sbin/nft -f table inet filter { chain input { type filter hook input priority raw; policy accept; iif "lo" accept ct state established,related accept iif "enp1s0" udp dport 51820 accept iif "enp1s0" drop } chain forward { type filter hook forward priority raw; policy accept; iif "lo" accept ct state established,related accept iif "enp1s0" udp dport 51820 accept iif "enp1s0" drop } chain output { type filter hook output priority raw; policy accept; } }
Wow! All 65535 +/-, in and out? That’s one way to skin a cat.
ez pz:
#!/usr/sbin/nft -f table inet filter { chain input { type filter hook input priority raw; policy accept; iif "lo" accept ct state established,related accept iif "enp1s0" udp dport 51820 accept iif "enp1s0" drop } chain forward { type filter hook forward priority raw; policy accept; iif "lo" accept ct state established,related accept iif "enp1s0" udp dport 51820 accept iif "enp1s0" drop } chain output { type filter hook output priority raw; policy accept; } }