
My biggest concern with being on a VPS like Linode, once you're all done securing yourself and binding services to the local LAN IP, is an attack from within the network. The VPS you own is also accessible by others on the same subnet, contrary to what you might assume.

I'd love to see a ufw guide for whitelisting only your own internal IPs to be allowed access to any services for ultimate security.

Not sure what you mean, but ufw by default blocks everything on your interface, so other machines in the local subnet shouldn't have access.

If you want to have more security and no (or just a single) outgoing service, configure OpenVPN with TLS and put all your local services in a local subnet for your machine, so not even a portscan can find anything.


Something like Ansible can help with this a ton. My playbooks are littered with tasks such as:

  # One allow rule per host in the jobservers group: the Redis port is reachable only from those source IPs
  - ufw: rule=allow direction=in port={{ redis_port }} src={{ hostvars[item]['ansible_ssh_host'] }}
    with_items: "{{ groups['jobservers'] }}"
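The allow-list the first comment asks for, and that the Ansible task above generates one rule at a time, is just a default-deny policy plus one `ufw allow ... from <ip>` per trusted host. The following is an added example, not code posted in this thread: it prints the ufw commands for such an allow list (hypothetical port 6379 and 10.0.0.x job-server addresses) and checks saved `ufw status` text for the mistake that would expose the port to the whole shared subnet. The sample status output is constructed to match the layout `ufw status` prints, not captured from a real host; nothing here executes ufw, so it runs without root.

```shell
#!/bin/sh
# Added example, not code from the thread. Hypothetical hosts and port.
# 1) emit the ufw commands that allow a port only from listed internal IPs
#    (default-deny handles everything else, including other tenants on the
#    shared VPS subnet);
# 2) check saved `ufw status` text for a rule that leaves that port open
#    to Anywhere. Nothing is executed, so no root or ufw is needed to run this.

# Usage: ufw_allowlist_rules PORT PROTO SRC_IP [SRC_IP...]
# Prints one command per line; pipe to `sudo sh` on the target to apply.
ufw_allowlist_rules() {
    port="$1"
    proto="$2"
    shift 2
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    for src in "$@"; do
        echo "ufw allow in proto $proto from $src to any port $port"
    done
}

# Usage: <ufw status text> | check_no_open_port PORT
# Returns 0 when no ALLOW rule for PORT has Anywhere as its source
# (IPv4 or the "(v6)" variant, `ufw status` or `ufw status verbose` layout).
check_no_open_port() {
    port="$1"
    ! grep -Eq "^${port}(/tcp|/udp)?( \(v6\))?[[:space:]]+ALLOW( IN)?[[:space:]]+Anywhere"
}

# Constructed sample in the shape `ufw status` prints; not captured from a
# real host. SSH is deliberately open to the world; Redis is restricted.
SAMPLE_STATUS_OK='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
6379/tcp                   ALLOW       10.0.0.5
6379/tcp                   ALLOW       10.0.0.6'

# Same shape, but with the mistake the thread warns about: Redis reachable
# from the whole subnet, and therefore from other tenants on it.
SAMPLE_STATUS_BAD='Status: active

To                         Action      From
--                         ------      ----
6379/tcp                   ALLOW       Anywhere
6379/tcp (v6)              ALLOW       Anywhere (v6)'

# Demo: rules for Redis reachable only from two job servers, then the check
# run against the bad sample.
ufw_allowlist_rules 6379 tcp 10.0.0.5 10.0.0.6
if printf '%s\n' "$SAMPLE_STATUS_BAD" | check_no_open_port 6379; then
    echo "ok: no rule opens 6379 to Anywhere"
else
    echo "WARNING: a rule opens 6379 to Anywhere; remove it with: ufw delete allow 6379/tcp"
fi
```

On a real host, feed `sudo ufw status` into `check_no_open_port` for each internal-only service port; the check is only about source addresses, so a service that is still bound to 0.0.0.0 is fine as long as ufw is the thing gating it.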
