Inspired by this comment to try to learn what I’m missing.
- Cloudflare proxy
- Reverse Proxy
- Fail2ban
- Docker containers on their own networks
Another concern I have is does it need to be on a separate machine on a vlan from the rest of the network or is that too much?
I’ve seen it done as such:
sudo ufw deny out 1:19/tcp sudo ufw deny out 1:19/udp sudo ufw deny out 22:52/tcp sudo ufw deny out 22:52/udp sudo ufw deny out 54:79/tcp sudo ufw deny out 54:79/udp sudo ufw deny out 81:122/tcp sudo ufw deny out 81:122/udp sudo ufw deny out 124:442/tcp sudo ufw deny out 124:442/udp sudo ufw deny out 444:65535/tcp sudo ufw deny out 444:65535/udp
But your way seems a bit more elegant