JohnG
Posted January 18

Enable the firewall:

List open ports:

    sudo lsof -i -P -n | grep LISTEN

Allow only needed:

    sudo ufw allow 22/tcp     # Allow SSH connections
    sudo ufw allow 80/tcp     # Allow HTTP connections
    sudo ufw allow 443/tcp    # Allow HTTPS connections

You can also restrict access to specific IP addresses or subnets:

    sudo ufw allow from 192.168.1.10 to any port 22       # Only allow SSH from this IP
    sudo ufw allow from 192.168.1.0/24 to any port 443    # Allow HTTPS from this subnet

Verify Firewall Status: Check the firewall rules you've set:

    sudo ufw status verbose
    sudo ufw enable

UFW's default policy is to deny incoming connections and allow outgoing connections. This is generally what you want. Only open ports you explicitly need.

Optional: Configure it to open only the necessary ports (if needed at all).

Remove any unnecessary preinstalled software.

Update the software to the latest versions:

    sudo apt update && sudo apt upgrade -y

Disable the printing service if it's not needed:

    sudo systemctl mask cups
    sudo systemctl mask cups-browsed

Then, reboot the system. If you need it later, you can re-enable it:

    sudo systemctl unmask cups
    sudo systemctl unmask cups-browsed

Then, reboot the system or run:

    sudo systemctl start cups

or

    sudo systemctl start cups-browsed

depending on your needs.

In all installed browsers:

- Enable the "HTTPS-Only" option, which disables unencrypted connections.
- Enable encrypted DNS (DoH).
- Disable third-party cookies.
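An added example, not part of JohnG's post: a shell sketch that cross-checks the `lsof` listing against the `ufw status` rules to flag ports that are allowed but have no listener, or that listen on a non-loopback address without an allow rule. The function names and the sample outputs are constructed for illustration.

```shell
# Added example: cross-check listening TCP ports against ufw ALLOW rules.
# stdin: `lsof -i -P -n` output. Prints unique non-loopback TCP LISTEN ports.
listening_ports() {
  awk '$NF == "(LISTEN)" {
         name = $(NF-1)                      # e.g. *:22 or [::1]:631
         n = split(name, part, ":"); port = part[n]
         addr = substr(name, 1, length(name) - length(port) - 1)
         if (addr ~ /^127\./ || addr == "[::1]") next   # loopback: not reachable remotely
         print port
       }' | sort -un
}

# stdin: `ufw status` output. Prints unique numeric ports with an inbound ALLOW rule.
# Rules given as application profile names are skipped.
allowed_ports() {
  awk '/ALLOW/ && !/ALLOW OUT/ { split($1, part, "/"); if (part[1] ~ /^[0-9]+$/) print part[1] }' | sort -un
}

# $1 = lsof output, $2 = ufw status output. Prints one line per mismatch.
audit() {
  listen=$(printf '%s\n' "$1" | listening_ports)
  allow=$(printf '%s\n' "$2" | allowed_ports)
  for p in $allow; do
    printf '%s\n' "$listen" | grep -qx "$p" || echo "allowed-but-not-listening $p"
  done
  for p in $listen; do
    printf '%s\n' "$allow" | grep -qx "$p" || echo "listening-but-not-allowed $p"
  done
}

# Constructed sample outputs (not captured from a real host).
sample_lsof() { cat <<'EOF'
COMMAND   PID USER     FD  TYPE DEVICE SIZE/OFF NODE NAME
sshd      812 root     3u  IPv4  21345      0t0  TCP *:22 (LISTEN)
cupsd     901 root     7u  IPv6  22011      0t0  TCP [::1]:631 (LISTEN)
nginx    1020 root     6u  IPv4  23000      0t0  TCP *:80 (LISTEN)
postgres 1100 postgres 5u  IPv4  24000      0t0  TCP 192.168.1.5:5432 (LISTEN)
EOF
}
sample_ufw() { cat <<'EOF'
To                         Action      From
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       192.168.1.0/24
22/tcp (v6)                ALLOW       Anywhere (v6)
EOF
}

audit "$(sample_lsof)" "$(sample_ufw)"
```

On a live system the same check would be `audit "$(sudo lsof -i -P -n)" "$(sudo ufw status)"`.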