From 237c4af1ac6ec78a702f6bbf7685e1783e13b900 Mon Sep 17 00:00:00 2001 From: Jackson Willette <128452144+Tieman0220@users.noreply.github.com> Date: Sat, 22 Apr 2023 18:32:19 -0500 Subject: [PATCH] Update firewall rules New PR from main branch b/c idk how to git Add firewall rules and enable firewall as a matter of security best practice. Add command to log in as new jackal user and update wording to match --- docs/nodes/1_install.md | 56 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 55 insertions(+), 1 deletion(-) diff --git a/docs/nodes/1_install.md b/docs/nodes/1_install.md index 6e16e36..5b11c3c 100644 --- a/docs/nodes/1_install.md +++ b/docs/nodes/1_install.md @@ -9,6 +9,56 @@ There are a few things needed before installing. While logged in as the 'root' or 'admin' user, we add a 'jackal' user and give them root privileges. +### Enable Firewall Rules +Enabling the firewall is important to ensure your hardware remains secure. The following commands will add rules required for access on both validators and providers: + +```sh +sudo ufw allow 22 +sudo ufw allow 80 +sudo ufw allow 443 +``` + +Additional ports are required if you are running a validator: + +```sh +sudo ufw allow 26657 +sudo ufw allow 26658 +``` + +The only additional port required for a provider is 3333: + +```sh +sudo ufw allow 3333 +``` + +If you are running a combined validator/provider, you need to allow all of the above ports. After adding ports to the rules list, you will need to start the firewall: + +```sh +sudo ufw enable +``` + +After starting the firewall, verify all of the required rules are in place by running: + +```sh +sudo ufw status verbose +``` + +Your output should be similar to the following: + +```sh +Status: active + +To Action From +-- ------ ---- +22 ALLOW Anywhere +80 ALLOW Anywhere +443 ALLOW Anywhere +1317 ALLOW Anywhere +3333 ALLOW Anywhere +26657 ALLOW Anywhere +26658 ALLOW Anywhere +``` + ### Create Jackal user ```sh 
@@ -16,7 +66,11 @@ sudo adduser --gecos "" jackal sudo usermod -aG sudo jackal ``` -Re-log in as the jackal user to complete the below steps. +Log in as the jackal user to complete the below steps: + +```sh +sudo su - jackal +``` ### Installing required tools This will install the necessary tools to build the jackal chain source, along with lz4 compression tool and jquery tool.
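Review bot: In the first hunk (`@@ -9,6 +9,56 @@`), the sample `ufw status verbose` output lists `1317 ALLOW Anywhere`, but none of the added `sudo ufw allow` commands opens 1317, so a reader who follows the steps exactly will not see output that matches. Either add the missing `sudo ufw allow 1317` step, stating which node type needs it, or drop that row from the sample. The sample is also presented as the output for every reader even though it shows the combined validator/provider rule set, so say so above the block. Since the section is motivated as a security measure, each port should get a short note on what it is for and whether it must be reachable from Anywhere, so operators can tighten the source where it does not. The output block is fenced as `sh` although it is program output, not commands.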
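Review bot: In the second hunk (`@@ -16,7 +66,11 @@`), `sudo su - jackal` chains two privilege tools where one is enough: `sudo -iu jackal`, or plain `su - jackal` when already root, gives the same login shell. The previous wording, "Re-log in", asked for a fresh session, while the new command opens a nested shell inside the root/admin session, so it is worth a sentence saying that exiting this shell returns to the privileged user. "the below steps" would read better as "the steps below".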