Comments (3)
Thanks for your continued feedback on UFW configuration @Bronislawsky ... it has been janky since the beginning.
This is now fixed in our user.rules boilerplate:
### tuple ### allow tcp 80,443 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p tcp -m multiport --dports 80,443 -j ACCEPT
### tuple ### allow tcp @SSH_PORT 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p tcp --dport @SSH_PORT -j ACCEPT
Ref: https://github.com/littlebizzy/slickstack/blob/master/ufw-firewall/user-rules.txt
Ref: https://github.com/littlebizzy/slickstack/blob/master/ss-install-ufw.txt
I'm not necessarily opposed to setting up rules using CLI commands, esp. since UFW is rather fragile. However, if we stop using a boilerplate then I'm concerned users will start customizing UFW rules, and SlickStack will have less predictability.
Since we want to make a very simple and predictable LEMP stack, I'm hoping to retain user.rules especially since the format and networking order of before.rules and after.rules seem a bit complex, idk.
Definitely could use some feedback on other sections too: *filter, LOGGING, RATE LIMITING
from slickstack.
Thank you very much
from slickstack.
Just an update on this, I've now also added a boilerplate for user6.rules for IPv6 support as well... to verify that both IPv4 and IPv6 rules are running correctly type sudo ufw status verbose and it should look like:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To                         Action      From
--                         ------      ----
80,443/tcp                 ALLOW IN    Anywhere
6969/tcp                   ALLOW IN    Anywhere
80,443/tcp (v6)            ALLOW IN    Anywhere (v6)
6969/tcp (v6)              ALLOW IN    Anywhere (v6)
from slickstack.
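The manual check described in the last comment can be scripted so that drift from the boilerplate is caught automatically. This is an added example, not part of the original thread or SlickStack's own scripts; the function names are hypothetical, and it assumes 6969 in the output above is the configured SSH port.

```bash
# Added example: audit `ufw status verbose` text (read from stdin) against the baseline.
# Live use (assumed): sudo ufw status verbose | check_ufw_baseline 6969
check_ufw_baseline() {
  awk -v ssh="$1" '
    BEGIN {
      # Expected rules, keyed as "to|action|from"; anything else is drift.
      want["80,443/tcp|ALLOW IN|Anywhere"] = 1
      want[ssh "/tcp|ALLOW IN|Anywhere"] = 1
      want["80,443/tcp (v6)|ALLOW IN|Anywhere (v6)"] = 1
      want[ssh "/tcp (v6)|ALLOW IN|Anywhere (v6)"] = 1
    }
    /^Status: active/ { active = 1 }
    /^Default: deny \(incoming\)/ { deny_in = 1 }
    /^--/ { in_rules = 1; next }   # the rule table starts after the dashes
    in_rules && match($0, /[ \t]+(ALLOW|DENY|REJECT|LIMIT)( IN| OUT| FWD)?[ \t]+/) {
      to = substr($0, 1, RSTART - 1)
      act = substr($0, RSTART, RLENGTH)
      from = substr($0, RSTART + RLENGTH)
      gsub(/^[ \t]+|[ \t]+$/, "", act); gsub(/[ \t]+$/, "", from)
      key = to "|" act "|" from
      if (key in want) { seen[key] = 1 } else { print "UNEXPECTED: " key; bad = 1 }
    }
    END {
      if (!active)  { print "FAIL: ufw is not active"; bad = 1 }
      if (!deny_in) { print "FAIL: default incoming policy is not deny"; bad = 1 }
      for (k in want) if (!(k in seen)) { print "MISSING: " k; bad = 1 }
      exit (bad ? 1 : 0)
    }'
}

# Sample input: the expected output quoted in the comment above.
baseline_sample() { cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To                         Action      From
--                         ------      ----
80,443/tcp                 ALLOW IN    Anywhere
6969/tcp                   ALLOW IN    Anywhere
80,443/tcp (v6)            ALLOW IN    Anywhere (v6)
6969/tcp (v6)              ALLOW IN    Anywhere (v6)
EOF
}

baseline_sample | check_ufw_baseline 6969 && echo "ufw matches the boilerplate"
```

A non-zero exit status means a rule is missing, an extra rule was added, or the default incoming policy is no longer deny, which makes the function usable from cron or a health check.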