setting up ssh and ufw
This is my SSH client config file (~/.ssh/config), which lets me type ssh chip
instead of the full IP address:
jone@phosphene .ssh $ cat config
Host chip
    HostName 192.168.100.3
    User jone
    Port 22
Host contabo
    HostName 192.168.100.1
    User root
    Port 22
Host squiggle
    HostName 192.168.100.8
    User jone
    Port 22
For generating keys, I use
ssh-keygen -o -a 100 -t ed25519
and then for installing the keys onto a remote server:
ssh-copy-id chip
For ufw, I use variations of this basic setup:
# First, reset to clean state (only if you want to start fresh)
ufw reset
# Set default policies
ufw default deny incoming
ufw default allow outgoing
# SSH access from local networks only
ufw allow from 192.168.100.0/24 to any port 22 proto tcp
ufw allow from 192.168.1.0/24 to any port 22 proto tcp
# Nebula VPN
ufw allow 4242/tcp
ufw allow 4242/udp
# Pi-hole DNS
ufw allow from 192.168.100.0/24 to any port 53 proto tcp
ufw allow from 192.168.100.0/24 to any port 53 proto udp
ufw allow from 192.168.1.0/24 to any port 53 proto tcp
ufw allow from 192.168.1.0/24 to any port 53 proto udp
# Pi-hole web interface
ufw allow from 192.168.100.0/24 to any port 80 proto tcp
ufw allow from 192.168.1.0/24 to any port 80 proto tcp
ufw allow from 192.168.100.0/24 to any port 443 proto tcp
ufw allow from 192.168.1.0/24 to any port 443 proto tcp
# DHCP (only if Pi-hole is handling DHCP)
ufw allow from 192.168.100.0/24 to any port 67 proto udp
ufw allow from 192.168.1.0/24 to any port 67 proto udp
# Sunshine TCP port range 47984-47990
ufw allow from 192.168.100.0/24 to any port 47984:47990 proto tcp
ufw allow from 192.168.1.0/24 to any port 47984:47990 proto tcp
# Sunshine TCP port 48010
ufw allow from 192.168.100.0/24 to any port 48010 proto tcp
ufw allow from 192.168.1.0/24 to any port 48010 proto tcp
# Sunshine UDP port range 47998-48000
ufw allow from 192.168.100.0/24 to any port 47998:48000 proto udp
ufw allow from 192.168.1.0/24 to any port 47998:48000 proto udp
# Enable the firewall if not already enabled
ufw enable
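As an added example that is not part of these notes, here is the same rule set generated from a single list of trusted subnets, so a port is never opened for one LAN and forgotten for the other when the list is edited (the script, its function names and the UFW_DRY_RUN variable are this example's own; the subnets and ports are the ones above):

```shell
#!/bin/sh
# Added example (not from the original notes): build the ufw rule set above
# from one list of trusted LANs. Run as root; "sh gen_ufw.sh" only prints the
# commands, "sh gen_ufw.sh apply" runs them. Names here are this example's own.
set -eu

TRUSTED_NETS="192.168.100.0/24 192.168.1.0/24"

# Services reachable only from the trusted LANs, as port_or_range/proto:
# SSH, Pi-hole DNS, Pi-hole web UI, DHCP, Sunshine.
LAN_SERVICES="22/tcp 53/tcp 53/udp 80/tcp 443/tcp 67/udp 47984:47990/tcp 48010/tcp 47998:48000/udp"

# Services that must accept traffic from anywhere (Nebula VPN listener).
PUBLIC_SERVICES="4242/tcp 4242/udp"

# Print one ufw command per line: defaults first, then public, then LAN-only.
gen_rules() {
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    for svc in $PUBLIC_SERVICES; do
        echo "ufw allow $svc"
    done
    for net in $TRUSTED_NETS; do
        for svc in $LAN_SERVICES; do
            port=${svc%/*}    # "47984:47990/tcp" -> "47984:47990"
            proto=${svc#*/}   # "47984:47990/tcp" -> "tcp"
            echo "ufw allow from $net to any port $port proto $proto"
        done
    done
}

# Number of 'allow' rules that would be created; compare with your expectation
# before applying (the notes above contain 20).
count_rules() {
    gen_rules | grep -c '^ufw allow'
}

# Execute the generated commands, or just print them when UFW_DRY_RUN=1.
apply_rules() {
    if [ "${UFW_DRY_RUN:-0}" = "1" ]; then
        gen_rules
    else
        gen_rules | sh -e
        ufw status numbered
    fi
}

case "${1:-}" in
    apply) apply_rules ;;
    *)     gen_rules ;;
esac
```

The script does not run ufw reset or ufw enable; do those around it as in the notes above.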