๐Ÿ” UFW Security Template

Install UFW (if not already installed)

sudo apt update
sudo apt install ufw -y

Set default policies

# Allow all outgoing connections
sudo ufw default allow outgoing

# Deny all incoming connections by default
sudo ufw default deny incoming

Allow SSH access (default port 22)

sudo ufw allow ssh/tcp

If you use a custom SSH port (e.g. 2222), use:

sudo ufw allow 2222/tcp

Block outgoing connections to private/internal IP ranges

If the node is compromised, this limits lateral movement into internal networks and blocks data exfiltration to hosts in these ranges.

sudo ufw deny out from any to 10.0.0.0/8
sudo ufw deny out from any to 172.16.0.0/12
sudo ufw deny out from any to 192.168.0.0/16
sudo ufw deny out from any to 100.64.0.0/10
sudo ufw deny out from any to 198.18.0.0/15
sudo ufw deny out from any to 169.254.0.0/16

Make sure your node doesn't rely on peers or services in these private IP ranges.
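
A pre-flight check for the caveat above, as an added example that is not part of the original template: it reports whether any DNS resolver listed in a resolv.conf-format file falls inside the ranges the deny-out rules block. The function names and the sample addresses are assumptions made for this illustration.

```sh
# Added example: pre-flight check for the "deny out" rules in this template.
# Ranges are copied from the page; function names are hypothetical.
BLOCKED_RANGES="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 100.64.0.0/10 198.18.0.0/15 169.254.0.0/16"

# Print a dotted-quad IPv4 address as an integer; status 1 if it is not one.
ip_to_int() (
    set -f; IFS=.                 # no globbing; split the argument on dots
    case $1 in *.) exit 1 ;; esac
    set -- $1
    [ $# -eq 4 ] || exit 1
    n=0
    for o in "$@"; do
        case $o in ''|*[!0-9]*|????*|0?*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
        n=$(( n * 256 + o ))
    done
    echo "$n"
)

# Print the blocked range containing $1 (status 0); 1 = no match, 2 = not IPv4.
blocked_range_for() (
    ip=$(ip_to_int "$1") || exit 2
    for cidr in $BLOCKED_RANGES; do
        base=$(ip_to_int "${cidr%/*}")
        host_bits=$(( 32 - ${cidr#*/} ))
        if [ $(( ip >> host_bits )) -eq $(( base >> host_bits )) ]; then
            echo "$cidr"; exit 0
        fi
    done
    exit 1
)

# Print "address range" per blocked nameserver; status 1 if any, 2 if unreadable.
blocked_resolvers() (
    f=${1:-/etc/resolv.conf}; found=0
    [ -r "$f" ] || exit 2
    while read -r key addr rest || [ -n "$key" ]; do
        [ "$key" = nameserver ] || continue
        if range=$(blocked_range_for "$addr"); then
            echo "$addr $range"; found=1
        fi
    done < "$f"
    exit "$found"
)

# Constructed sample addresses (not from the page).
for addr in 192.168.1.1 1.1.1.1 169.254.169.254; do
    blocked_range_for "$addr" >/dev/null && echo "$addr would be blocked" || echo "$addr unaffected"
done
```

Calling `blocked_resolvers` with no argument reads `/etc/resolv.conf`. On hosts that use a local stub resolver the file lists only the stub address, so check the upstream servers separately.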

Enable UFW

sudo ufw enable
