I just setup a minecraft server on an old laptop, but to make it acessible i needed to open up a port. Currently, these are the ufw rules i have. when my friends want to connect, i will have them find their public ip and ill whilelist only them. is this secure enough? thanks

`Status: active

To Action From


22/tcp ALLOW Anywhere Anywhere ALLOW my.pcs.local.ip`

also, minecraft is installed under a separate user, without root privlege

  • fahfahfahfahA
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    2
    ·
    2 months ago

    The volume on 22 will be a lot higher than a non default port. With 22 open my router was basically getting DDOS’d at times

    • ShortN0te@lemmy.ml
      link
      fedilink
      English
      arrow-up
      2
      ·
      2 months ago

      Then using something like fail2ban to block bad acting connections is far more effective and you even get a security benefit out of it.

      Also, when a few scripts try to connect via ssh DDOS your router then something is messed up. Either a shitty router from 20 years ago or you have a Bandwidth lower than 100kbps.

      • fahfahfahfahA
        link
        fedilink
        English
        arrow-up
        3
        ·
        2 months ago

        I have fail2ban running on the server itself, also it was a lot more than “a few scripts”

    • teawrecks@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      1
      ·
      2 months ago

      Agreed. Anyone who thinks it’s ok to just expose ssh on 22 to the internet has never looked at their logs. The port will be found in minutes, and be hammered by thousands of login attempts by multiple bots 24/7. Sure you can block repeat failed logins, but that list will just always be growing.