SSH to that and then to the server you want to manage. Just run the cron job on the firewall/load balancer that you connect through/to. I don't think you should need 50 cron jobs, unless all your servers are directly accessible from the internet. If you are going to keep changing the firewall rules to follow your home IP address, I don't see any choice other than a cron job that queries the DNS name periodically.

Last edited by squeaky2 June 2nd, 2019 at 03:05 AM.

Unfortunately, I don't have any other recommendations than what I've already posted. It's very easy to enable, whitelist, or permanently disable scripts, though.

Edit: I just re-read your post and realized you're running a way bigger setup than I thought. Also, very very easy to break a website without any scripts on it. It also blocks clickjacking attacks, cross-site scripting attacks, and other various forms of nastiness that can happen on the internet. NoScript blocks all JavaScript content on a page, and you can select which scripts to run or block. NoScript and Privacy Badger are my two go-to's. There are various workarounds that you can use, as far as web browser extensions go. That's not much, but if you're someone who likes their privacy, it's pretty good. You get 2 Gb's of data to torrent per month. 100% compatible with 18.04 (Pro version gives you keys to set it up over OpenVPN as opposed to terminal commands), commands are simple, straightforward, and terminal-based. Windscribe is a free VPN service (they also offer a subscription) that comes with a free firewall. I can't think why you are suggesting that ufw is not "robust".

Actually, if you wanted a good firewall (and a decent VPN to boot), I would definitely give Windscribe a shot.
The next I can think of would be to sign up to a DNS service and install a client at home that changes the address associated with your home domain name, and create a script to query the address periodically and update the firewall if the address changes - it can call ufw if you don't want to configure iptables directly. I would recommend WireGuard for this - it's delightfully easy to set up. Then you don't expose 22 to the internet at all. The next simplest is to install a VPN server at work, and run ssh over the VPN. The simplest solution is to use ssh keys, disable ssh passwords, and allow a range of IP addresses to connect (maybe your ISP's address range). But your home address is dynamic and liable to change. It's not exactly spelled out, but I gather you want your mail server (at work I guess) to have a firewall configuration that permits only your home IP to connect to port 22.

Yes, that's a script kiddie mIRC reference for all of those under the age of 40. And if you say TNSR or VyOS I will in my overactive imagination smack you with a rotting trout. I spend enough time in pfSense - I need a break. GFI may take that crown.

But, I just need a firewall, people, and I don't want to deal with pfSense for like 1 week. I thought Symantec was great-company-destroyer-in-chief. Because when they bought Kerio, holy cow do they know how to wreck a company. I'm trying Xeams next.

And before you get into it, I need ActiveSync and Outlook not on IMAP and I need not-lazy-crap and not-gimme-mo-mo-money support and I need Active/Active or Active/Passive server clustering between two datacenters in two states and the ability to handle like 1000 users and all to offer at cheaper than Office365. I tried iRedMail, but when it takes me 50 minutes to get my wildcard cert installed and I already agreed to pay $1000/year but then the guy was like "Oh I need $99 for that". Reason being, I may blow away this server 5-6 times in the next week testing different mail servers.
I do NOT have a GUI on system so it will need to be console or web-based and moved to another port than 443. Yes yes I know don't use password set up the keys.

Can I without an iptables script to check my dynamic and recreate the iptables rule just apt-get a firewall that can handle it. I just need to lock port 22 down to specific IP Address but while my office is static my home is dynamic and I work from home a lot and without a jump server and yadda yadda yadda. I know, I know, I know.

Does there exist a bit more robust firewall for the local Linux server that will run a mail server. So I literally set an Ubuntu VM with an unfettered public IP. Anyway, I normally have a public facing firewall for my servers, but I am doing tests for a replacement for Kerio Connect and the server I am on, despite having dual AMD Epycs and 512GB of RAM is nearly full of resources and there was also a reddit post on NAT is crap and well, I wanted to play.
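
Added example, not part of the thread or written by any of its posters: a sketch of the cron-driven script the replies describe, which resolves a dynamic-DNS name and moves the ufw allow rule for port 22 when the address changes. The host name `home.example.net`, the state file path and the install path in the cron line are assumed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). HOME_NAME, STATE_FILE and the cron
# path are assumed placeholders; UFW=echo gives a dry run.
HOME_NAME="${HOME_NAME:-home.example.net}"
STATE_FILE="${STATE_FILE:-/var/lib/ssh-allow-home/last_ip}"  # directory must exist
UFW="${UFW:-ufw}"

# True only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

# First IPv4 address the name currently resolves to.
resolve_home() { getent ahostsv4 "$1" | awk 'NR==1 {print $1}'; }

# Print the ufw arguments needed to move the SSH allow rule from $1 to $2.
# The new rule is added before the old one is deleted, so there is no gap.
plan_update() {
  if ! is_ipv4 "$2"; then
    echo "refusing to update: '$2' is not an IPv4 address" >&2
    return 2
  fi
  if [ "$1" = "$2" ]; then return 0; fi
  echo "allow proto tcp from $2 to any port 22"
  if is_ipv4 "$1"; then echo "delete allow proto tcp from $1 to any port 22"; fi
}

main() {
  new=$(resolve_home "$HOME_NAME")
  old=$(cat "$STATE_FILE" 2>/dev/null || true)
  plan=$(plan_update "$old" "$new") || return 1
  [ -n "$plan" ] || return 0                 # address unchanged
  echo "$plan" | while read -r args; do
    $UFW $args || exit 1                     # args are validated tokens only
  done || return 1
  printf '%s\n' "$new" > "$STATE_FILE"
}

# cron (assumed path): */5 * * * * /usr/local/sbin/ssh-allow-home.sh --apply
if [ "${1:-}" = "--apply" ]; then main; fi
```

A failed or malformed DNS answer leaves the existing rule in place. The rule trusts whatever address the name resolves to, so it sits alongside key-only SSH rather than replacing it.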