PHP
Viktor Los, 2016-01-04 00:21:36

VDS and iptables - is it necessary? How to proceed in my case?

Good day. I don't understand much about system administration.
There is a VDS with a site (service) running on it. The site queries a certain set of (game) servers (stream_socket_client('tcp://...); the ports and IP addresses are different.
The VDS must be protected somehow, but how? (For security, I have only changed the SSH port.) Close incoming connections except :80 and the SSH port?


1 answer(s)
Alexey Cheremisin, 2016-01-04
@itnetchannel

1) Close all incoming. If the HTTP server is not worth it, then close 80 as well.
2) Remove root login via SSH, make a user and set up sudo, generate a certificate for the user and generate a long password. Remove SSH password login for everyone.
Log in remotely only with a certificate, and get root with a password!
3) Install fail2ban.
4) It is desirable to install a firewall that will generate the correct rules for SYN flood and so on, for example firehol. The same applies to point 1).
5) This is enough, but you can also put services in Docker or in LXC.
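
As an added example (not part of the answer above), one way to express point 1 for the setup in the question: inbound traffic is dropped by default, while replies to the site's own outbound `stream_socket_client` connections are still accepted through connection tracking. The function names `valid_port` and `gen_rules` and the SSH port 2222 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for a VDS that accepts
# only SSH (and optionally HTTP) inbound but may connect out to any
# address and port. IPv4 only; ip6tables needs its own ruleset.

# valid_port N -> success if N is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_rules SSH_PORT [yes|no]   second argument: open port 80 (default no)
gen_rules() {
    ssh_port=$1
    open_http=${2:-no}
    valid_port "$ssh_port" || { echo "bad SSH port: $ssh_port" >&2; return 1; }

    # INPUT policy DROP closes everything not explicitly allowed.
    # The ESTABLISHED,RELATED rule lets answers from the polled game
    # servers back in, whatever remote IP and port the site connected to.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp --dport $ssh_port -m conntrack --ctstate NEW -j ACCEPT
EOF
    if [ "$open_http" = yes ]; then
        echo "-A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT"
    fi
    echo "COMMIT"
}

# Print the ruleset only when arguments are given, e.g.:
#   sh rules.sh 2222 yes > rules.v4
if [ "$#" -gt 0 ]; then
    gen_rules "$@"
fi
```

Check the generated file with `iptables-restore --test` before loading it, and keep the current SSH session open until a second login under the new rules succeeds.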
