Firewall Configurations

The UFW firewall can be used to control network access to your node. On a new installation, UFW is disabled by default. Enable it with the following steps:

Set the default policies: deny incoming traffic and allow outgoing traffic

 sudo ufw default deny incoming 
 sudo ufw default allow outgoing

Allow SSH access

 sudo ufw allow 22/tcp   # use your SSH port number if it is not 22

Allow cardano-node p2p port

 sudo ufw allow <your port #>/tcp   # replace <your port #> with your cardano-node port

Allow chrony ntp

 sudo ufw allow 123/udp

Enable Firewall

 sudo ufw enable

Verify status

 sudo ufw status numbered

Only open the following ports on nodes that are behind a network firewall.

Allow the Grafana web server port

 sudo ufw allow 3000/tcp

Allow prometheus endpoint port

 sudo ufw allow 9100/tcp

Allow prometheus cardano-node metric data port

 sudo ufw allow 12798/tcp

This next step is optional but recommended. To permit connections from a specific IP address, such as your laptop, use the following command:

 sudo ufw allow from <your laptop IP>

Example (203.0.113.22 is a placeholder address)

  • sudo ufw allow from 203.0.113.22
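
To check the result of the steps above, this added example (not part of the original guide) parses `ufw status numbered` output and lists the Grafana and Prometheus ports named on this page that are still allowed from any source. The sample output, the node port 6000 and the address 203.0.113.22 are constructed; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Ports this guide says to open only behind a network firewall:
# 3000 (Grafana), 9100 and 12798 (Prometheus).
MONITORING_PORTS="3000 9100 12798"

# Constructed sample of `sudo ufw status numbered` output; node port 6000
# and the address 203.0.113.22 are placeholders, not values from a real node.
sample_status() {
  cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 6000/tcp                   ALLOW IN    Anywhere
[ 3] 123/udp                    ALLOW IN    Anywhere
[ 4] 3000/tcp                   ALLOW IN    Anywhere
[ 5] 9100/tcp                   ALLOW IN    203.0.113.22
[ 6] 12798/tcp                  ALLOW IN    Anywhere
[ 7] 3000/tcp (v6)              ALLOW IN    Anywhere (v6)
EOF
}

# Reads status text on stdin and prints one "port/proto" line for every
# monitoring port whose From column is "Anywhere".
# Returns 1 if at least one such rule exists, 0 otherwise.
audit_ufw_status() {
  awk -v ports="$MONITORING_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
    /ALLOW( IN)? +Anywhere/ {
      line = $0
      sub(/^\[ *[0-9]+\] */, "", line)   # drop the "[ N]" rule number
      split(line, f, " ")                 # f[1] is the To column, e.g. "3000/tcp"
      split(f[1], pp, "/")                # pp[1] is the port number
      if (pp[1] in watch) {
        print f[1] ((line ~ /\(v6\)/) ? " (v6)" : "")
        found = 1
      }
    }
    END { exit (found ? 1 : 0) }
  '
}

# Demo on the constructed sample. On a node, run instead:
#   sudo ufw status numbered | audit_ufw_status
sample_status | audit_ufw_status || echo "^ monitoring ports open to any source"
```

A rule flagged here can be replaced with one limited to a source address, in the same way as the `allow from` command above.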


Last updated 3 years ago