iptables rules to stop undesired connections.
Just execute:
sudo apt install curl -y && \
curl -s https://raw.githubusercontent.com/TurboLabIt/zzfirewall/master/setup.sh | sudo bashNow copy the provided sample configuration file (zzfirewall.default.conf) to your own zzfirewall.conf and set your preference:
sudo cp /usr/local/turbolab.it/zzfirewall/zzfirewall.default.conf /etc/turbolab.it/zzfirewall.conf && \
sudo nano /etc/turbolab.it/zzfirewall.confsudo zzfirewallIf you want to limit SSH access to pre-approved hosts, create a file and add your IPs/DDNS (one per line):
sudo nano /etc/turbolab.it/zzfirewall-whitelist.conf && \
sudo zzfirewall-whitelist-updateTo allow HTTP(S) traffic from specific countries only, do this:
## Allow web traffic from specific countries only
ALLOW_WEBSERVER=0
GEOALLOW_WEB_COUNTRIES=italy,switzerlandJust set:
## Allow web traffic from Cloudflare only
ALLOW_WEBSERVER=0All web traffic will be accepted through Cloudflare only.
sudo iptables -I "INPUT" -s "TRUSTED_IP_ADDRESS" -j ACCEPT## Database-only, LAN-only server
ALLOW_WEBSERVER=0
ALLOW_WEBSERVER_FROM_WHITELIST=0
ALLOW_FTP=0
GEOBLOCK=0sudo zzfirewall-resetIt wipes every iptables rule and every ipset on the box. If Docker is installed and running, it gets restarted automatically so it can rebuild its own iptables rules.
sudo zzfirewall-generate