UFW rules question
-
I am trying to troubleshoot some weird access on one of our webhosts. I only want 80 and 443 accessible from anywhere, I'd like 587 to be only pointing to our mail server IP, and only want SSH to be allowed from our WAN IP. Am I missing anything?
-
I see that I have to delete the 1st entry.
-
ufw status verbose
will help you more, cause it will show the default incoming and outgoing rule
-
@Emad-R said in UFW rules question:
ufw status verbose
will help you more, cause it will show the default incoming and outgoing rule
-
OK, you don't need to make any deny rules, cause by default this is working. Just put the stuff you wish to make an exception and allow
-
@Emad-R said in UFW rules question:
OK, you don't need to make any deny rules, cause by default this is working. Just put the stuff you wish to make an exception and allow
Then this should be good?
-
You still need 587 I believe.
-
Looks good to me.
If you need to send emails from the box itself you need to open additional ports, but usually you rely on third-party services for that like SMTP2GO or SendGrid and for that you don't need to open any additional ports.
I used to firewall port SSH but then I was like I would like to work on machines from anywhere, so I just enable strong SSH auth based security.
However both approaches will work, the thing is imagine if you want to connect on that machine in an emergency, you have to go to the 74 IP or VPN to it.
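The policy asked for in the opening post, written out as ufw commands (an added example, not taken from any post in this thread). It assumes ufw's stock defaults (deny incoming, allow outgoing), IPv4 only, and that 587 means outbound submission from the webhost to the mail server; `WAN_IP` and `MAIL_IP` are constructed placeholder addresses, and `run`, `is_ipv4` and `apply_policy` are names made up for this example.

```shell
#!/bin/sh
# Added example: builds the ufw policy asked for in the thread.
# WAN_IP and MAIL_IP are constructed placeholders (RFC 5737 documentation
# addresses), not values from the thread.
WAN_IP="${WAN_IP:-203.0.113.10}"
MAIL_IP="${MAIL_IP:-198.51.100.25}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands, 0 = run them (root)

# Print the command; execute it as well when DRY_RUN=0.
run() {
    echo "$*"
    if [ "$DRY_RUN" = "0" ]; then "$@"; fi
}

# Accept only a plain dotted-quad IPv4 address, so an empty or mistyped
# variable cannot turn "from <ip>" into a broader rule.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

apply_policy() {
    wan="$1"; mail="$2"
    is_ipv4 "$wan" && is_ipv4 "$mail" || { echo "bad address" >&2; return 1; }

    # Inbound: default deny, then only the exceptions.
    run ufw default deny incoming
    run ufw default allow outgoing
    run ufw allow 80/tcp
    run ufw allow 443/tcp
    run ufw allow proto tcp from "$wan" to any port 22

    # Outbound: default is allow and ufw uses the first matching rule, so
    # the allow for the mail server is added before the general deny on 587.
    run ufw allow out proto tcp to "$mail" port 587
    run ufw deny out proto tcp to any port 587
}

# Stand-alone use: DRY_RUN=0 sh policy.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_policy "$WAN_IP" "$MAIL_IP"
fi
```

Run it once in the default dry-run mode to review the commands, then compare the result with `ufw status verbose` after applying.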