chef-repo icon indicating copy to clipboard operation
chef-repo copied to clipboard

Published 20 hours ago verified publisher icon intercity

Add a basic firewall with ufw.

Open berkes opened this issue 10 years ago • 1 comments

Ubuntu comes with ufw, a friendlier wrapper around iptables. ufw is not too hard to manage through chef.

It would be good to set up boxen with a basic firewall.

Probably others have better ideas, but here is my basic set-up:

  • Allow SSH from anywhere
  • Allow HTTP from anywhere
  • Allow HTTPS from anywhere
  • Everything else is closed down

Alternatively, we could add a [firewall][ssh-whitelist] attribute, containing a list of IP-addresses that have access to SSH: that way you can close down SSH for the world except your own ip-addresses.

berkes avatar Sep 24 '14 21:09 berkes

@berkes Thanks for your input. I think its a good idea, and we will definitely look into this a bit further. If you have ideas how to solve this, please submit a pull request for this.

jvanbaarsen avatar Sep 26 '14 07:09 jvanbaarsen