A firewall is used to keep a check on incoming and outgoing connections. We shall be using ufw (Uncomplicated Firewall) to close unwanted incoming connections from the Internet and allow outgoing ones.
It’s preferable not to use Scaleway servers, as something or other used to get messed up on those. Digital Ocean and Vultr seem to do just fine.
Make sure this is the first thing you do when setting up a server. This ensures there is no data loss or time loss if anything goes wrong. There is a major chance of losing access to the server completely if you don’t configure something properly, so make sure to back up your data locally or on another server to prevent any data loss.
apt install ufw
- Edit /etc/default/ufw and modify all three lines as shown below:
DEFAULT_INPUT_POLICY="ACCEPT"
DEFAULT_OUTPUT_POLICY="ACCEPT"
DEFAULT_FORWARD_POLICY="ACCEPT"
- Append a drop-all rule to the INPUT chain: Edit /etc/ufw/after.rules, add this line just before the final
-A ufw-reject-input -j DROP
- Disable ufw logging (this seems to cause issues with Scaleway’s default kernel):
ufw logging off
ufw is up and running, and NBD shouldn’t cause issues.
- This is also necessary since there seems to be some permissions issue with the following folders:
chmod 751 /etc/default
chmod 751 /etc
chmod 751 /usr
- Set up a basic configuration to allow incoming SSH, HTTPS and HTTP:
ufw default deny incoming
ufw default allow outgoing
ufw allow ssh
ufw allow 80/tcp
ufw allow 443/tcp
ufw enable
In a new terminal window check that you can still access your host via ssh.
- You can check the configuration at any time with:
ufw status verbose
- You can disable the ufw configuration at any time with:
sudo ufw disable
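
To go with the ssh check and the `ufw status verbose` step above, here is an added example (not part of the original guide) that audits the status output against the policy this page configures: deny incoming, allow outgoing, and only 22/tcp, 80/tcp and 443/tcp allowed in. The function name `audit_ufw_status` and the sample text are constructed for illustration, and the script assumes the default English output layout of `ufw status verbose`.

```shell
#!/bin/sh
# Added example: audit `ufw status verbose` output against this page's policy.

# Constructed sample of `ufw status verbose` output, so the script runs offline.
SAMPLE_STATUS='Status: active
Logging: off
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)'

# Reads status text on stdin, prints one FAIL line per finding,
# and returns 0 only when the output matches the expected policy.
audit_ufw_status() {
    awk '
        function bad(msg) { print "FAIL: " msg; rc = 1 }
        /^Status:/ {
            seen_status = 1
            if ($2 != "active") bad("firewall is not active")
        }
        /^Default:/ {
            seen_default = 1
            if ($0 !~ /deny \(incoming\)/)  bad("default incoming policy is not deny")
            if ($0 !~ /allow \(outgoing\)/) bad("default outgoing policy is not allow")
        }
        / ALLOW IN / {
            # First column is the port/protocol, also on the "(v6)" rows.
            if ($1 == "22/tcp") ssh = 1
            else if ($1 != "80/tcp" && $1 != "443/tcp")
                bad("unexpected inbound rule: " $1)
        }
        END {
            if (!seen_status)  bad("no Status line found")
            if (!seen_default) bad("no Default line found")
            if (!ssh) bad("22/tcp is not allowed; SSH access would be cut off")
            exit rc + 0
        }'
}

# Offline run against the constructed sample.
printf '%s\n' "$SAMPLE_STATUS" | audit_ufw_status && echo "OK: matches expected policy"
```

On a live host, run it as root with `ufw status verbose | audit_ufw_status` from the second terminal, before closing the original SSH session.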