Suggestion. Digital Ocean Documentation - FW Setup #1215
Comments
Your rules break WireGuard. Also, you don't need 500/TCP or 4500/TCP. You don't actually need IPv6 access to any service but SSH since Algo clients only connect to servers over IPv4. Here are my DigitalOcean rules, with SSH restricted to certain source addresses. Questions about the DigitalOcean firewall do come up from time to time, so perhaps it is worth documenting. Maybe I'll submit a PR.
Hey David - Thanks for sharing and I have updated. Re your last point I think it would be useful to have the minimum fw config documented.
@davidemyers Yes, documentation about best practice on setup would be awesome. +1 from me. Are the rules you posted in the screenshot rules set for Inbound AND Outbound? I'm relatively non-technical on port range and protocol rules (I have to skill up on this area a lot).
@jwebbstevens The rules I posted are for Inbound. The defaults can be used for Outbound.
Amazing. Thanks.
It's already documented in FAQ
Digital Ocean offer a free firewall and I thought having the config would be useful to have in your setup doc.
These are the only rules I have set up and all works. If I need to SSH I will temporarily enable when in use.
Inbound Rules
Custom | TCP | 500 | All IPv4 All IPv6
Custom | TCP | 4500 | All IPv4 All IPv6
Custom | UDP | 500 | All IPv4 All IPv6
Custom | UDP | 4500 | All IPv4 All IPv6
Outbound Rules
ICMP | ICMP | | All IPv4 All IPv6
All TCP | TCP | All ports | All IPv4 All IPv6
All UDP | UDP | All ports | All IPv4 All IPv6