Add recommended hetzner firewall documentation #147
Comments
|
My personal experience as a comment here. There are two options for the firewall. 1) Hetzner offers GUI for managing firewall in front of your server, 2) use firewalld on your server, if it's CentOS/RHEL/etc. I personally block ports I never want open (RPC bind + portmapper) in Hetzner firewall just in case, and leave anything else open. Then I do set more fine grained rules on the Linux itself. E.g. all kinds of port mappings to VMs etc. Just to say, I find it good to have it in two layers like that. So if you don't do anything weird in your linux, you don't even need to block anything there, just forward the service ports for VMs. Result is that you have only ssh open hopefully in some high port on host, and things like OCP API 6443 & 80 & 443 being forwarded to OCP VMs.. I also run tower, and some VM direct ssh port openings on the host on high ports, and find this as a good setup for me. |
|
Fixed in devel branch, will be merged into master via PR #159 |
No description provided.
The text was updated successfully, but these errors were encountered: