So we’ve had need to open a couple of ports on our home server to the real world. It’s like letting a child out in the evening for the first time alone – you’ve no idea what trouble they might get into but just hope you’ve prepared them enough.
These are my notes for when I forget what I’ve done.
The router is only forwarding HTTP and SSH traffic to the server. SSH has been locked down so it only accepts key logins from non-root users, so I think this is pretty good. The default site forwards via .htaccess to this domain, which prevents general rumblings if you find it, and only certain external subdomains are identified in the server’s /etc/hosts file.
Denyhosts is installed.
UFW Firewall has been configured using:

    sudo ufw default deny
    sudo ufw allow ssh
    sudo ufw allow www
    sudo ufw allow 10000
    sudo ufw allow 443
    sudo ufw allow Samba
    sudo ufw allow 5901
    sudo ufw enable
Thanks to 1000Umbrellas for the above.
Apparently, it’s possible to use "allow webmin" but this didn’t seem to work in this instance.
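An added example, not part of the original notes: the router forwards only SSH and HTTP while the UFW rules above allow more, so this shell function lists every allow rule in plain `ufw status` output that falls outside an expected port list. The function name, the sample status text and the expected list "22 80" are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare UFW allow rules with the ports the router forwards.

# Constructed sample of plain `sudo ufw status` output for the rules above
# (exact formatting varies between ufw versions).
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
10000                      ALLOW       Anywhere
443                        ALLOW       Anywhere
Samba                      ALLOW       Anywhere
5901                       ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)'

# unexpected_allows "22 80" < status-text
# Prints one line per rule that allows traffic from Anywhere to a target
# outside the expected port list. Application profiles such as "Samba"
# are reported by name because they expand to several ports.
unexpected_allows() {
    expected=" $1 "
    sed 's/ (v6)//g' | awk -v expected="$expected" '
        $2 == "ALLOW" && $3 == "Anywhere" {
            target = $1
            port = target
            sub(/\/.*/, "", port)             # drop /tcp or /udp
            if (port !~ /^[0-9:,]+$/) {       # a name, so an app profile
                print "profile " target
            } else if (index(expected, " " port " ") == 0) {
                print "port " target
            }
        }' | LC_ALL=C sort -u
}

# Live use: sudo ufw status | unexpected_allows "22 80"
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_STATUS" | unexpected_allows "22 80"
fi
```

Anything it prints is reachable from the local network even though the router does not forward it, and becomes reachable from outside as soon as a forward for that port is added.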