# 🔐 UFW Security Template

#### *Install UFW (if not already installed)*

```bash
sudo apt update
sudo apt install ufw -y
```

#### *Set default policies*

```bash
# Allow all outgoing connections
sudo ufw default allow outgoing

# Deny all incoming connections by default
sudo ufw default deny incoming
```

#### *Allow SSH access (default port 22)*

```bash
sudo ufw allow ssh/tcp
```

> If you use a custom SSH port (e.g. 2222), use:
>
> ```bash
> sudo ufw allow 2222/tcp
> ```

#### *Block outgoing connections to private/internal IP ranges*

This prevents data exfiltration and limits lateral movement in case of compromise.

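```bash
# RFC 1918 private ranges
sudo ufw deny out from any to 10.0.0.0/8
sudo ufw deny out from any to 172.16.0.0/12
sudo ufw deny out from any to 192.168.0.0/16
# Carrier-grade NAT shared address space (RFC 6598)
sudo ufw deny out from any to 100.64.0.0/10
# Benchmarking range (RFC 2544)
sudo ufw deny out from any to 198.18.0.0/15
# Link-local, including cloud metadata endpoints such as 169.254.169.254
sudo ufw deny out from any to 169.254.0.0/16
```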

> Make sure your node doesn’t rely on peers or services in these private IP ranges.
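
A pre-flight check for the note above, as an added example that is not part of the original page: it reads a resolv.conf-style file and reports every DNS resolver that falls inside the six ranges the deny rules block. The function names and the sample resolver addresses are constructed for illustration.

```bash
#!/bin/sh
# Added example: pre-flight check for the outbound deny rules on this page.
# The six ranges are the page's; function names and sample data are hypothetical.
BLOCKED_CIDRS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 100.64.0.0/10 198.18.0.0/15 169.254.0.0/16"

# Convert a dotted-quad IPv4 address to an integer; fail on anything else (e.g. IPv6).
ip_to_int() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.|0[0-9]*|*.0[0-9]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print the matching CIDR and return 0 if the address is in a blocked range.
in_blocked_range() {
    addr=$(ip_to_int "$1") || return 2
    for cidr in $BLOCKED_CIDRS; do
        net=$(ip_to_int "${cidr%/*}")
        mask=$(( (0xFFFFFFFF << (32 - ${cidr#*/})) & 0xFFFFFFFF ))
        if [ $(( addr & mask )) -eq "$net" ]; then
            echo "$cidr"; return 0
        fi
    done
    return 1
}

# Report each IPv4 nameserver in the given file that the deny rules would cut off.
# Returns 1 if at least one conflict was found, 0 otherwise.
audit_resolvers() {
    found=0
    for ns in $(awk '$1 == "nameserver" { print $2 }' "$1"); do
        if hit=$(in_blocked_range "$ns"); then
            echo "CONFLICT: resolver $ns is inside $hit"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample (not from the page): one internal resolver, one public.
sample=$(mktemp)
printf 'nameserver 10.0.0.2\nnameserver 1.1.1.1\n' > "$sample"
audit_resolvers "${1:-$sample}" || echo "Resolve conflicts before applying the deny rules."
rm -f "$sample"
```

Pass a file path as the first argument to audit a real host. On systems running systemd-resolved, `/etc/resolv.conf` usually lists only the `127.0.0.53` stub, so use `/run/systemd/resolve/resolv.conf` to see the upstream resolvers.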

#### *Enable UFW*

```bash
sudo ufw enable
```

