So we’ve had need to open a couple of ports on our home-server to the real-world. It’s like letting a child out in the evening for the first time alone – you’ve no idea what trouble they might get into but just hope you’ve prepared them enough.
These are my notes for when I forget what I’ve done.
The router is only forwarding HTTP and SSH traffic to the server. SSH has been locked down so it only accepts key logins from non-root users, so I think this is pretty good. The default site forwards via .htaccess to this domain which prevents general rumblings if you find it and only certain external subdomains are identified in the server’s /etc/hosts file.
Denyhosts is installed.
UFW Firewall has been configured using:
sudo ufw default deny
sudo ufw allow ssh
sudo ufw allow www
sudo ufw allow 10000
sudo ufw allow 443
sudo ufw allow Samba
sudo ufw allow 5901
sudo ufw enable
Thanks to 1000Umbrellas for the above.
Apparently, it’s possible to use allow webmin but this didn’t seem to work in this instance.
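A check the rule list above invites, as an added example that is not part of the original notes: the router forwards only SSH and HTTP, yet the firewall also allows 10000, 443, Samba and 5901 from any source. The function names and the sample status text are constructed for illustration, and the sample assumes ufw displays the ssh and www rules as 22/tcp and 80/tcp.

```shell
#!/bin/sh
# Added example: list ufw rules that are open to any source for ports the
# router does not forward. audit_ufw reads `ufw status` text on stdin;
# its arguments are the ports the router forwards.
audit_ufw() {
    awk -v fwd="$*" '
        BEGIN { n = split(fwd, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            gsub(/ \(v6\)/, "")                 # fold IPv6 duplicates into the IPv4 rule
            if ($2 != "ALLOW" || $NF != "Anywhere") next
            port = $1; sub(/\/.*/, "", port)    # 22/tcp -> 22
            if (!(port in ok) && !seen[$1]++) print $1
        }'
}

# Constructed sample of `sudo ufw status` output for the rules in this post.
sample_status() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
10000                      ALLOW       Anywhere
443                        ALLOW       Anywhere
Samba                      ALLOW       Anywhere
5901                       ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
EOF
}

# The router forwards SSH (22) and HTTP (80) only.
sample_status | audit_ufw 22 80
```

On a live system, pipe `sudo ufw status` into audit_ufw instead of the sample. Any flagged rule that is only needed from the home network can be narrowed with the form `sudo ufw allow from <LAN subnet> to any port 10000`, where the subnet is a placeholder for your own.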