I have set up a WordPress site for a friend, but I’m afraid that I cannot remember all the steps and all the corresponding commands, so I recorded what I did.
- Edit the SSH configuration file: change the port, change the password or disable password login for security, then restart ssh:

  ```sh
  vim /etc/ssh/sshd_config
  service ssh restart
  ```

- Change the IPTables rules to allow connections only to the desired ports and close unused ports:

  ```sh
  # Allow loopback traffic and replies to connections that are already open
  iptables -A INPUT -i lo -j ACCEPT
  iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # Allow SSH (custom port), HTTP and HTTPS
  iptables -A INPUT -p tcp --dport 12345 -j ACCEPT
  iptables -A INPUT -p tcp --dport 80 -j ACCEPT
  iptables -A INPUT -p tcp --dport 443 -j ACCEPT
  # Drop everything else
  iptables -A INPUT -j DROP
  ```

  where 12345 is the port number set in the above step.

- By default, IPTables rules are not persistent, i.e. they are reverted to the default after a system reboot. To save the rules, install the iptables-persistent package:

  ```sh
  apt install iptables-persistent
  ```
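A check worth running before closing the current SSH session, as an added example that is not part of the original post: it reads the port(s) from an sshd_config file and confirms that the saved INPUT rules accept each one before the final DROP. The function names are hypothetical, and it assumes plain `Port N` lines (no Include files) and simple `--dport` rules in `iptables-save` format.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes plain "Port N" lines
# (no Include files) and simple "-p tcp --dport N -j ACCEPT" rules.

# Print every port sshd listens on (keyword is case-insensitive, default 22).
ssh_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Succeed if tcp/$2 reaches an ACCEPT rule in the INPUT chain of rules file $1
# before an unconditional DROP/REJECT; otherwise fall back to the chain policy.
port_allowed() {
    awk -v port="$2" '
        BEGIN { ok = -1 }
        /^:INPUT / { policy = $2 }
        /^-A INPUT / {
            if (/-p tcp/ && $0 ~ ("--dport " port "( |$)") && / -j ACCEPT$/) { ok = 1; exit }
            if ($0 == "-A INPUT -j DROP" || $0 == "-A INPUT -j REJECT") { ok = 0; exit }
        }
        END { if (ok < 0) ok = (policy == "ACCEPT"); exit (ok ? 0 : 1) }
    ' "$1"
}

# Check every sshd port against the rules; return 1 if any would be dropped.
check_lockout() {
    status=0
    for p in $(ssh_ports "$1"); do
        if port_allowed "$2" "$p"; then
            echo "ok: tcp/$p is accepted before the catch-all DROP"
        else
            echo "LOCKOUT RISK: sshd listens on tcp/$p but no ACCEPT rule precedes the DROP"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample input: sshd on 12345, rules as the commands above save them.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '#Port 22' 'Port 12345' > "$d/sshd_config"
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 12345 -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT' \
        '-A INPUT -j DROP' 'COMMIT' > "$d/rules.v4"
    check_lockout "$d/sshd_config" "$d/rules.v4"; rc=$?
    rm -rf "$d"; return "$rc"
}
demo
```

On a live host, call `check_lockout /etc/ssh/sshd_config /etc/iptables/rules.v4`; the second path is where iptables-persistent saves the IPv4 rules on Debian and Ubuntu.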