Wojciech Wernicki

[Day 2] Securing server with firewall

Hello guys!

As I mentioned in the previous post, today I will begin securing my server. Today's topic is disabling root access and setting up a firewall.

Disabling root and changing the default SSH port

This one is very easy to achieve. With nano I edited the file /etc/ssh/sshd_config, adding the rule:

PermitRootLogin no

I also learned that you should change the SSH port from the default 22. In the same file I entered a new value:

Port 12345

After that, the SSH service needs to be restarted with the command sudo service ssh restart. Now, to log in to the server, I have to specify which port I want to connect to:

ssh login@XXX.XXX.XXX.XXX -p 12345

Firewall

The most common dependency for a firewall is UFW. It was preinstalled on my machine, so all I have to do is set up the necessary rules.

For now, the list of allowed communication for both IPv4 and IPv6 will be:

  • SSH (only for new port)
  • HTTP
  • HTTPS

sudo ufw default deny incoming # deny all incoming connections by default
sudo ufw default allow outgoing # allow all outgoing connections by default
sudo ufw allow 12345 # allow connections to the new SSH port
sudo ufw deny 22 # deny connections to the old SSH port
sudo ufw allow http # allow HTTP connections (port 80)
sudo ufw allow https # allow HTTPS connections (port 443)
sudo ufw enable # enable the firewall
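One way to confirm, from the SSH session that is still open, that the sshd settings and the firewall rules above agree before logging out. This is an added example, not code from the original post; the function names are hypothetical and the sample sshd_config and ufw status text are constructed.

```shell
# Added example (hypothetical helper names): audit that sshd_config and ufw agree.
# sshd keeps the first value it reads for a keyword; keywords are case-insensitive.
sshd_first() {   # $1 = keyword, $2 = sshd_config path (global section only)
  awk -v k="$1" 'tolower($1) == "match" { exit }
                 tolower($1) == tolower(k) { print $2; exit }' "$2"
}

# Every listening port; Port may be repeated, and sshd defaults to 22.
sshd_ports() {   # $1 = sshd_config path
  awk 'tolower($1) == "match" { exit }
       tolower($1) == "port"  { print $2; n++ }
       END { if (!n) print 22 }' "$1"
}

# True if saved `ufw status` output ($2) has an ALLOW rule for port $1.
ufw_allows() {
  awk -v p="$1" '($1 == p || $1 == p "/tcp") && $2 == "ALLOW" { ok = 1 }
                 END { exit !ok }' "$2"
}

audit() {        # $1 = sshd_config path, $2 = saved `ufw status` output
  rc=0
  [ "$(sshd_first PermitRootLogin "$1")" = "no" ] ||
    { echo "FAIL: PermitRootLogin is not 'no'"; rc=1; }
  grep -q '^Status: active' "$2" || { echo "FAIL: ufw is not active"; rc=1; }
  for port in $(sshd_ports "$1"); do
    ufw_allows "$port" "$2" ||
      { echo "FAIL: sshd port $port has no ufw ALLOW rule"; rc=1; }
  done
  return "$rc"
}
# Constructed sample inputs (not taken from a real host).
CFG=$(mktemp); FW=$(mktemp)
cat > "$CFG" <<'EOF'
#Port 22
Port 12345
PermitRootLogin no
EOF
cat > "$FW" <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
12345                      ALLOW       Anywhere
22                         DENY        Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
EOF
audit "$CFG" "$FW" && echo "OK: sshd and ufw agree"
```

On a real host, pass /etc/ssh/sshd_config and the saved output of sudo ufw status as the two arguments. The script reads only the global section of the one file it is given, so Match blocks and included files are not evaluated.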

And the very basic server securing is done! Tomorrow I will try some other dependencies to prevent unauthorized access to my machine.