NS7 vs NS8 requirements based on hosted cloud VPS only

davidep · May 31, 2024, 8:21pm

In this scenario you install the single node on the VPS and the built-in firewall is enough.

As said:

Probe attempts can be blocked/mitigated with

Crowdsec application (released)
Change of ssh default port (documented here NS8 Change node SSH port 22 permanently - #15 by davidep)
Limit HTTP access from certain IPs (planned and documented here How do I prevent the administration page from being accessible from the Internet? - #2 by davidep)

robb · June 2, 2024, 12:23pm

1: I will install that after migrating services
2: already done and confirm this works on a Debian 12 host for NS8
3. Since I do not have a dedicated IP address to work from so unfortunately this is not an option for me

LayLow · June 2, 2024, 1:55pm

I would love to see a reverse option. Block all except, so disallow all except for IP(rang, regex, geo) and/or only allow access when connected via VPN. So only available on 'green, not on red, that would be a nice option too based on per module/app basis

LayLow · June 2, 2024, 2:33pm

Agree, hence the suggested VPN only option.