
UFW Security Template

Install UFW (if not already installed)

sudo apt update
sudo apt install ufw -y

Set default policies

# Allow all outgoing connections
sudo ufw default allow outgoing

# Deny all incoming connections by default
sudo ufw default deny incoming

Allow SSH access (default port 22)

sudo ufw allow ssh/tcp

If you use a custom SSH port (e.g. 2222), use:

sudo ufw allow 2222/tcp

Block outgoing connections to private/internal IP ranges

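This limits data exfiltration and lateral movement to hosts on internal networks in case of compromise. Outbound traffic to public addresses is still allowed by the default policy set above.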

sudo ufw deny out from any to 10.0.0.0/8
sudo ufw deny out from any to 172.16.0.0/12
sudo ufw deny out from any to 192.168.0.0/16
sudo ufw deny out from any to 100.64.0.0/10
sudo ufw deny out from any to 198.18.0.0/15
sudo ufw deny out from any to 169.254.0.0/16

Make sure your node doesn't rely on peers or services in these private IP ranges.
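
A pre-flight check for the warning above, as an added example that is not part of the original page: it tests the node's DNS resolvers and established TCP peers against the six ranges denied in this section and prints the ones the rules would cut off. The function names, the `--live` switch and the sample addresses are assumptions made for this example.

```shell
# Ranges denied outbound in this section of the page.
BLOCKED="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 100.64.0.0/10 198.18.0.0/15 169.254.0.0/16"

# Dotted-quad IPv4 -> integer; fails on anything else (IPv6, hostnames, bad octets).
ip_to_int() (
    case $1 in ''|*[!0-9.]*) exit 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in ''|0?*|????*) exit 1 ;; esac; [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Succeeds when address $1 lies inside CIDR $2.
in_cidr() (
    ip=$(ip_to_int "$1") || exit 1
    net=$(ip_to_int "${2%/*}") || exit 1
    mask=$(( (0xFFFFFFFF << (32 - ${2#*/})) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
)

# Prints the denied range that contains $1; fails if none does.
blocked_range() {
    for cidr in $BLOCKED; do
        if in_cidr "$1" "$cidr"; then echo "$cidr"; return 0; fi
    done
    return 1
}

# Reads "label address" lines on stdin and reports those the rules would cut off.
audit_deps() {
    while read -r label addr; do
        hit=$(blocked_range "$addr") && echo "BLOCKED $label $addr (matches $hit)"
    done
    return 0
}

# Live input: resolvers plus established TCP peers (inbound sessions included, review each hit).
collect_live() {
    awk '$1 == "nameserver" { print "dns-resolver", $2 }' /etc/resolv.conf
    ss -Htn state established | awk '{ sub(/:[0-9]+$/, "", $4); print "tcp-peer", $4 }'
}

if [ "${1:-}" = "--live" ]; then collect_live | audit_deps; else
    # Constructed sample input, not taken from the page.
    printf '%s\n' "dns-resolver 10.0.0.2" "dns-resolver 1.1.1.1" \
        "cloud-metadata 169.254.169.254" "tcp-peer 172.31.4.9" "tcp-peer fe80::1" | audit_deps
fi
```

Run it with `--live` on the node before enabling UFW; each `BLOCKED` line is a dependency that sits in one of the denied ranges.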

Enable UFW

sudo ufw enable

Last updated 24 days ago