{"id":5952,"date":"2021-07-06T22:38:01","date_gmt":"2021-07-06T22:38:01","guid":{"rendered":"https:\/\/www.geekdecoder.com\/?p=5952"},"modified":"2021-07-06T22:38:01","modified_gmt":"2021-07-06T22:38:01","slug":"securing-ipfs-with-ufw-firewall-on-debian-10","status":"publish","type":"post","link":"https:\/\/www.qbytes.cloud\/index.php\/2021\/07\/06\/securing-ipfs-with-ufw-firewall-on-debian-10\/","title":{"rendered":"Securing IPFS with UFW Firewall on Debian 10"},"content":{"rendered":"

First lets install UFW<\/p>\n

\n$ sudo apt-get install ufw\n<\/pre>\n
Check the Status<\/p>\n
\n$ sudo ufw status verbose\n<\/pre>\n
By default, UFW is disabled so you should see something like this:<\/p>\n
\n$ Status: inactive\n<\/pre>\n
Let\u2019s set your UFW rules back to the defaults so we can be sure that you\u2019ll be able to follow along with this tutorial. To set the defaults used by UFW, use these commands:<\/p>\n
\n$ sudo ufw default deny incoming\n<\/pre>\n
Output:
\nDefault incoming policy changed to ‘deny’
\n(be sure to update your rules accordingly)<\/p>\n
\n$ sudo ufw default allow outgoing\n<\/pre>\n
Output:
\nDefault outgoing policy changed to ‘allow’
\n(be sure to update your rules accordingly)<\/p>\n
Allow SSH Connections<\/p>\n
To configure your server to allow incoming SSH connections, you can use this UFW command:<\/p>\n
\n$ sudo ufw allow ssh\n<\/pre>\n
Output:
\nRules updated
\nRules updated (v6)
\nthis command works the same as the one above:<\/p>\n
\n$ sudo ufw allow 22\n<\/pre>\n
Or if ssh is on a different port<\/p>\n
\n$ sudo ufw allow 2222\n<\/pre>\n
Now that your firewall is configured to allow incoming SSH connections, we can enable it<\/p>\n
\n$ sudo ufw enable\nCommand may disrupt existing ssh connections. Proceed with operation (y|n)? y\nFirewall is active and enabled on system startup\n<\/pre>\n
Now lets add the port access for IPFS
\n4001 – default libp2p swarm port – should be open to public for all nodes if possible
\n5001 – API port – provides write\/admin access to the node – should be locked down or only to your IP.
\n8080 – Gateway<\/p>\n
\n$ sudo ufw allow 4001\n<\/pre>\n
\n$ sudo ufw allow 5001\n<\/pre>\n
\n$ sudo ufw allow 8080\/tcp\n<\/pre>\n
Reload<\/p>\n
\n$ sudo ufw reload\n<\/pre>\n
Remove a Port<\/p>\n
\n$ sudo ufw status numbered\nStatus: active\n\n     To                         Action      From\n     --                         ------      ----\n[ 1] 22\/tcp                     ALLOW IN    Anywhere\n[ 2] 4001                       ALLOW IN    Anywhere\n[ 3] 5001                       ALLOW IN    Anywhere\n[ 4] 8080\/tcp                   ALLOW IN    Anywhere\n[ 5] 22\/tcp (v6)                ALLOW IN    Anywhere (v6)\n[ 6] 4001 (v6)                  ALLOW IN    Anywhere (v6)\n[ 7] 5001 (v6)                  ALLOW IN    Anywhere (v6)\n[ 8] 8080\/tcp (v6)              ALLOW IN    Anywhere (v6)\n\n<\/pre>\n
\n$ sudo ufw delete 2\n<\/pre>\n
Delete all firewall rules<\/p>\n
\n$ sudo ufw reset\n<\/pre>\n
To Allow connections for the Webui on a specific IP:<\/p>\n
\n$ sudo ufw allow from 1.2.3.4 to any port 5001\n<\/pre>\n
\nsudo ufw reload\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
First lets install UFW $ sudo apt-get install ufw Check the Status $ sudo ufw status verbose By default, UFW is disabled so you should see something like this: $ Status: inactive Let\u2019s set your UFW rules back to the defaults so we can be sure that you\u2019ll be able to follow along with this … Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[40,51],"tags":[],"class_list":["post-5952","post","type-post","status-publish","format-standard","hentry","category-firewall","category-ipfs"],"_links":{"self":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/posts\/5952","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/comments?post=5952"}],"version-history":[{"count":0,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/posts\/5952\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/media?parent=5952"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/categories?post=5952"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/tags?post=5952"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}