Insider Tip - In some cases, you may have to restart the router for these changes to be accepted.
STEP 1
Your first step is to make sure your network is functioning properly and that you have a valid and strong Internet connection available to all wireless devices within range. Check to see that the router is plugged into the modem via Ethernet cable and that you use the network to connect to the Internet. STEP 2 Now it is time to access a dedicated settings page or the admin panel. This process varies depending on the router, so check your instruction manual or hit up a quick web search for specific details on how to do this with your router. Be sure to set aside your network name, public IP address, default password, and any other relevant information for later. STEP 3 In most cases, you can access the router’s settings page by inputting your router’s IP address in the address bar of a web browser. Otherwise, use dedicated firmware of a mobile app provided by the router’s manufacturer. STEP 4 Once on the settings page, look for port options, otherwise called port forwarding options. Turn off whichever ports you desire and be sure to save your changes.$ sudo apt update && sudo apt upgrade -y
On Fedora, CentOS, or RHEL:
$ sudo dnf upgrade
$ adduser <username>
Give your new user account sudo rights by appending (-a) the sudo group (-G) to the user's group membership:
$ usermod -a -G sudo <username>
$ ssh-copy-id <username>@ip_address
Now you can log into your new server without having to type in a password.
AddressFamily inet
Restart the SSH service to enable your changes. Note that it's a good idea to have two active connections to your server before restarting the SSH server. Having that extra connection allows you to fix anything should the restart go wrong.
On Ubuntu:
$ sudo service sshd restart
On Fedora or CentOS or anything using Systemd:
$ sudo systemctl restart sshd
$ sudo apt install ufw
By default, UFW denies all incoming connections and allows all outgoing connections. This means any application on your server can reach the internet, but anything trying to reach your server cannot connect.
First, make sure you can log in by enabling access to SSH, HTTP, and HTTPS:
$ sudo ufw enable
You can see what services are allowed and denied with:
$ sudo ufw status
If you ever want to disable UFW, you can do so by typing:
$ sudo ufw disable
You can also use firewall-cmd, which is already installed and integrated into some distributions.
$ sudo apt install fail2ban -y
Then copy the included configuration file:
$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
And restart Fail2ban:
$ sudo service fail2ban restart
That's all there is to it. The software will continuously examine the log files looking for attacks. After a while, the app will build up quite a list of banned IP addresses. You can view this list by requesting the current status of the SSH service with:
$ sudo fail2ban-client status ssh
$ sudo ss -atpu
The output from ss will differ depending on your operating system. This is an example of what you might see. It shows that the SSH (sshd) and Ngnix (nginx) services are listening and ready for connection:
$ sudo apt purge <service_name>
To remove an unused service on Red Hat/CentOS:
$ sudo yum remove <service_name>
Run ss -atup again to verify that the unused services are no longer installed and running.