On 23/3/23 15:42, Nicolas George wrote:
> Jeremy Ardley (12023-03-23):
>> On your second topic I don't usually run firewalls on my cloud servers.
> But surely on a server the network configuration is static, including
> the firewall rules, isn't it?

On AWS the firewall rules are set by AWS themselves, though there is a console to adjust them. I normally only open up the incoming ports I am using. For ssh I only allow it from my personal IPv4 and IPv6 ranges.

On Linode I just run bare with no firewall and only trusted services listening on a few ports. Linode do block outgoing port 25 and 485.

In a better world, in case my server were to be compromised, I'd set up to manage my outgoing traffic, such as rate limiting outgoing DNS requests and blocking other destination ports entirely.

I'm sure there is a list of destination ports this applies to?
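
One way to express the outgoing controls described in the message above, as an nftables ruleset. This is an added example, not part of the original message; the table name, the allowed ports (80, 443, 123) and the rate values are assumptions to adapt to what the host really needs.

```nftables
#!/usr/sbin/nft -f
# Added example: default-deny egress policy for a single server.
# Ports and rates below are assumptions, not values from the thread.

table inet egress_example {
    chain output {
        type filter hook output priority 0; policy drop;

        # Local traffic and replies on connections that are already tracked
        # (this covers answers to inbound ssh and other listening services).
        oifname "lo" accept
        ct state established,related accept

        # ICMP and ICMPv6 (neighbour discovery, path MTU discovery).
        meta l4proto { icmp, ipv6-icmp } accept

        # DNS: accept new queries up to the limit, count and drop the excess.
        # A sudden rise in these counters is worth an alert.
        udp dport 53 limit rate 20/second burst 40 packets accept
        tcp dport 53 limit rate 20/second burst 40 packets accept
        udp dport 53 counter drop
        tcp dport 53 counter drop

        # Outbound services the host needs (assumed: HTTP/HTTPS for
        # package updates, NTP for time sync). Add DHCP if the host uses it.
        tcp dport { 80, 443 } accept
        udp dport 123 accept

        # Everything else: log a sample, count, then hit the drop policy.
        limit rate 5/minute log prefix "egress-drop: "
        counter
    }
}
```

Load it with `nft -f` from a console session rather than over ssh the first time, and check `nft list table inet egress_example` for the drop counters.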

