I realized that I should probably set up a firewall on t/suki's machines. Using `nmap forum.tsuki.games` from a remote machine, I can see:

```
Starting Nmap 7.95 ( https://nmap.org ) at 2025-04-22 13:13 PDT
Nmap scan report for forum.tsuki.games (104.245.36.36)
Host is up (0.012s latency).
Not shown: 995 closed tcp ports (conn-refused)
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
443/tcp  open     https
646/tcp  filtered ldp
3000/tcp open     ppp
Nmap done: 1 IP address (1 host up) scanned in 14.98 seconds
```
Looks like I have some ports open that I don't want to have open. SSH'ing into the container, I know that I need to set up a firewall with `ufw`, but I've never used it before. Running `ufw status` shows:

```
Status: inactive
```
Well, okay. I guess the first step is to enable it, right? So, I run `ufw enable`:

```
Command may disrupt existing ssh connections. Proceed with operation (y|n)? n
Aborted
```
Whoops. Looks like I probably need to configure the firewall first, since I don't want my SSH connection to be terminated. But how do I see what rules are currently added? The status just says that the firewall is inactive. After a brief internet search, I find out in a StackOverflow thread that the command to run is `sudo ufw show added`:[^1]

```
Added user rules (see 'ufw status' for running firewall):
(None)
```
That makes sense, because I've never used `ufw` on this machine before. I add the ports I want to have open, and then enable the firewall:

```sh
ufw allow ssh
ufw allow http # So nginx can redirect http requests to https
ufw allow https
ufw enable
```
Running `nmap` again, I see:

```
Starting Nmap 7.95 ( https://nmap.org ) at 2025-04-22 13:21 PDT
Nmap scan report for forum.tsuki.games (104.245.36.36)
Host is up (0.014s latency).
Not shown: 997 filtered tcp ports (no-response)
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https
Nmap done: 1 IP address (1 host up) scanned in 5.15 seconds
```
Now only the ports I want to have open are exposed! I went ahead and did the same for `git.tsuki.games`.
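The last step above, eyeballing the second scan to confirm that only the intended ports are exposed, can be turned into a repeatable check. The script below is an added example, not part of the original post: it reads nmap's port table and reports any port in the `open` state that is not in the list of ports the ufw rules were meant to allow. The scan text embedded in it is a constructed sample modelled on the pre-firewall scan above.

```sh
#!/bin/sh
# Added example: compare an nmap port table against the ports the ufw rules
# are meant to expose, and report anything else that is open.
# Usage: some_nmap_output | unexpected_open_ports "22 80 443"

unexpected_open_ports() {
    allowed=" $1 "   # space-padded so " $port " matches whole numbers only
    # nmap port table lines look like "3000/tcp open ppp"; keep only open ones
    grep -E '^[0-9]+/(tcp|udp) +open' | while read -r portproto state service; do
        port=${portproto%%/*}
        case "$allowed" in
            *" $port "*) ;;                                   # intended
            *) printf '%s %s\n' "$portproto" "$service" ;;    # not intended
        esac
    done
}

# Exit status 1 (a failing check) when any unexpected port is open.
check_exposure() {
    extra=$(printf '%s\n' "$2" | unexpected_open_ports "$1")
    if [ -n "$extra" ]; then
        printf 'unexpected open ports:\n%s\n' "$extra"
        return 1
    fi
    echo "only intended ports exposed"
}

# Constructed sample scans (port tables only), before and after ufw was enabled.
SCAN_BEFORE='PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
646/tcp filtered ldp
3000/tcp open ppp'

SCAN_AFTER='PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https'

# Before: reports 3000/tcp ppp. After: passes.
printf '%s\n' "$SCAN_BEFORE" | unexpected_open_ports "22 80 443"
check_exposure "22 80 443" "$SCAN_AFTER"
```

Pipe a live scan in with `nmap host | unexpected_open_ports "22 80 443"` to re-run the check after any rule change.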