Firewalls

Jetstream2 staff encourages a defense-in-depth approach to security. This potentially involves several methods of restricting access and securing instances.

Firewalls are not enabled by default on Jetstream2 instances. Depending on the user interface you launched your instance from, you may have different security groups established for your instance. (See "What is the default security profile for Jetstream2 VMs?" for more information on that.)

We encourage keeping your instances patched, rebooting as needed for any kernel or glibc patches, limiting access to all services as much as possible, utilizing security groups if your interface allows it, and running your own host-based firewall if you’re comfortable administering it.

If you are comfortable administering a firewall, we would encourage you to read the following tutorials for your respective Linux variant. Ubuntu's UFW (Uncomplicated FireWall) is very simple to use, though making sure you leave SSH access open is crucial (and often missed by first-time UFW users) so you do not lock yourself out of your virtual machine.

Ubuntu 20 and 18

"How to Set Up a Firewall with UFW on Ubuntu 20.04" is a good initial tutorial for setting up UFW.
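
One way to guard against the SSH lockout mentioned above, as an added example that is not part of the Jetstream2 documentation or the linked tutorial: a wrapper that only enables UFW once an SSH rule is already queued. The function names and the sample rule text are assumptions made for illustration; `ufw show added` and `ufw --force enable` are standard UFW commands and must be run as root.

```shell
#!/bin/sh
# Added example: pre-flight guard so UFW is never enabled without an SSH rule.

# ssh_rule_present RULES [PORT]
#   RULES: text in the format printed by `ufw show added`
#   PORT:  TCP port sshd listens on (default 22)
# Returns 0 only if an unrestricted allow/limit rule covers that port.
# Source-restricted rules ("allow from ... to any port 22") are deliberately
# not counted, because this check cannot know whether your address is in range.
ssh_rule_present() {
    srp_rules=$1
    srp_port=${2:-22}
    srp_pat="${srp_port}(/tcp)?"
    # The "ssh" service name and the "OpenSSH" app profile both mean 22/tcp.
    if [ "$srp_port" = "22" ]; then
        srp_pat="openssh|ssh|${srp_pat}"
    fi
    printf '%s\n' "$srp_rules" |
        grep -Eiq "^ufw (allow|limit) (in )?(${srp_pat})\$"
}

# safe_enable_ufw [PORT]: hypothetical wrapper, run as root on the instance.
safe_enable_ufw() {
    seu_port=${1:-22}
    seu_rules=$(ufw show added) || return 2
    if ! ssh_rule_present "$seu_rules" "$seu_port"; then
        echo "No SSH rule for port ${seu_port}; add one (e.g. 'ufw allow ${seu_port}/tcp') first." >&2
        return 1
    fi
    ufw --force enable   # --force skips the interactive confirmation prompt
}

# Constructed sample of `ufw show added` output, for trying the check offline.
SAMPLE_RULES="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw allow OpenSSH"
```

Keep your current SSH session open and confirm a second login works after enabling the firewall before you disconnect.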

Rocky 8 / Alma 8 / CentOS 7

The Red Hat variants are a little less user-friendly.

"How to Open or close ports in AlmaLinux 8 or Rocky Firewall" is a good reference for getting started with firewalld.

"How to Set Up a Firewall with FirewallD on CentOS 7" will get you started with firewalld on CentOS 7.