Last active
August 15, 2019 13:03
-
-
Save VirtuBox/ec0ec0a55261456dc8da4b5cb55ede3c to your computer and use it in GitHub Desktop.
WordOps Firewall config
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # get current ssh port | |
| CURRENT_SSH_PORT=$(grep "Port" /etc/ssh/sshd_config | awk -F " " '{print $2}') | |
| # define firewall rules | |
| ufw logging low | |
| ufw default allow outgoing | |
| ufw default deny incoming | |
| # default ssh port | |
| ufw limit 22 | |
| # custom ssh port | |
| if [ "$CURRENT_SSH_PORT" != "22" ];then | |
| ufw limit "$CURRENT_SSH_PORT" | |
| fi | |
| # dns | |
| ufw allow 53 | |
| # nginx | |
| ufw allow http | |
| ufw allow https | |
| # ntp | |
| ufw allow 123 | |
| # wordops backend | |
| ufw allow 22222 |
If you only have WordOps installed on your server, the port 25 isn't required, and for the FTP, WordOps already handle this configuration during proftpd installation.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thanks a ton for the great insights master. Will make the required changes right now.
Should I keep the following ones too or aren't they required: